[WEB SECURITY] "Meanwhile, on the other side of the web server" - a writeup by Amit Klein

Amit Klein (AKsecurity) aksecurity at hotpop.com
Fri Jun 10 10:53:20 EDT 2005


On 10 Jun 2005 at 9:48, Richard Moore wrote:

> Nice summary Amit. One thing I'd add is the use of search engines
> to allow an attacker to discover information that has been
> incorrectly protected, or to find attack targets (as several
> worms have done by searching for banners). Of course, these
> attacks can occur without the attacker ever having to make
> a request of your web app. I mentioned one example of this
> on the risks list a while ago (I'm sure I wasn't the first),
> but other searches such as 'this document is confidential'
> still get lots of hits.
> 
> http://catless.ncl.ac.uk/Risks/22.64.html#subj9.1
> 

Right. While not precisely an HTTP device between the user and the server, this is still an 
example of a vulnerability from the "other side of the web server".

Thanks for pointing at this,
-Amit

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


