Tools such as dirbuster and dirb do this automatically. I assume the files are stored here so they can be accessed by a remote application?įile names can be easily brute forced by an attacker. However, URLs are not considered secure as they are logged in browser history, proxy and server logs and can also be leaked by browsers' referer header. Unless there is a runnable script on your server that does this, it is not possible to view the directory contents via the web. Now, if you navigate to this URL you get a 403 Forbidden error? However, if you know the name of a file you can go to and it is possible to view the document at this location? I gather from your information that there is a web server with a directory setup on the web like so I am only asking if it is really possible. Is it possible to bypass a 403 error on the web? I say no. So that leads me here and to my question. But other people on the team say that a hacker can still somehow access it. On the other hand, I think this is not such a big deal since if a user on the outside tried to go to that directory, his web browser will throw the 403 error. A programmer on our team has made a big deal about this and the fact that the files are placed on a server that is accessalbe to the outside world. Some files are placed there with some secure information.
So if you type the path to that directory in a web browser, the web browser will say that it is not accessable and it will throw a 403 error. On a web server the IIS has set up a directory for a project we are such that it is not accessable to the outside. Is it possible to bypass a 403 error on the web?
0 kommentar(er)
