[WEB SECURITY] "Meanwhile, on the other side of the web server" - a writeup by Amit Klein

Amit Klein (AKsecurity) aksecurity at hotpop.com
Fri Jun 10 10:53:20 EDT 2005

On 10 Jun 2005 at 9:48, Richard Moore wrote:

> Nice summary Amit. One thing I'd add is the use of search engines
> to allow an attacker to discover information that has been
> incorrectly protected, or to find attack targets (as several
> worms have done by searching for banners). Of course, these
> attacks can occur without the attacker ever having to make
> a request of your web app. I mentioned one example of this
> on the risks list a while ago (I'm sure I wasn't the first),
> but other searches such as 'this document is confidential'
> still get lots of hits.
> http://catless.ncl.ac.uk/Risks/22.64.html#subj9.1

Right. While not precisely an HTTP device between the user and the server, this is still an 
example of a vulnerability from the "other side of the web server".

Thanks for pointing at this,
