Follow us on Twitter!
Ideas are far more powerful than guns.
Wednesday, April 16, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 15
Guests Online: 12
Members Online: 3

Registered Members: 82810
Newest Member: TheDuke777
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

CEH course questions


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-04-08 01:21
i have been reading the certified ethical hacker course a friend gave to me and i have a couple of questions under the web server hacking section.

I'll post some here but i would like if i could pm someone about this so not to disrupt the forums to much

1) it says in Apache that a URL with a large amount of trailing slashes will produce a Dir listing

example .../cgi-bin/////////////////////////////////////////

it doesn't explain why this happens and i am having a hard time with Google.

2)IIS. it says appending a +.htr onto a .asp will cause the server to reveal its own script. again why?

can i would like to pm someone with questions like these.

thank you for your time


thanks spy.




Edited by on 27-04-08 01:41
Author

RE: CEH course questions

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 27-04-08 01:33
2: http://www.microsoft.com/technet/security/bulletin/MS01-004.mspx



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: CEH course questions


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-04-08 01:38
just a guess on #2 (I don't know), but if it is told it needs to execute .asp script then it wont care about executing the other stuff, and will just post it.

Edited by on 27-04-08 01:40
Author

RE: CEH course questions


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-04-08 01:53
actually its becasue there is a htr file and adding that make the htr file execute the requested file