From: Warchild (warchildspoofed.org)
Date: Mon Jan 21 2002 - 21:04:39 CST


    >
    > -----Original Message-----
    > From: Kevin Spett [mailto:kspettspidynamics.com]
    > Sent: Monday, January 21, 2002 5:12 PM
    > To: markcurphey.com; owaspsecurityfocus.com
    > Subject: Re: OWASP : What to test ?
    >

    <snip>

    I've found robots.txt to be a very plentiful source of information. Even if
    the files/directories listed there no longer exist, it sometimes can give
    you a good idea of what things _previously_ looked like. In a better
    situation, it might give you a peek at some locations that are
    difficult/impossible to navigate to by only following links from their
    webtree (i.e., no guessing, links from elsewhere).

    Good examples include:

    http://grc.com/robots.txt
    http://redhat.com/robots.txt
    http://www.sourceforge.net/robots.txt
    http://www.virtualdr.com/robots.txt

    So a good test might be to see if those files/directories still exist, and
    if not, are they referenced elsewhere in the webroot, perhaps using a
    different name/path?

    -warchild
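
The test proposed in the message above, sketched as an added example (not part of the original post) for a site owner to run against a local copy of their own webroot: each `Disallow` entry is checked on disk, and entries that no longer exist are searched for under a different path. The function names, the sample robots.txt, and the sample webroot are constructed for illustration.

```python
import os
import tempfile

def disallowed_paths(robots_text):
    """Unique Disallow values from robots.txt text, in file order."""
    paths = []
    for line in robots_text.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        value = value.strip()
        if field.strip().lower() == "disallow" and value and value not in paths:
            paths.append(value)
    return paths

def audit(webroot, robots_text):
    """Map each Disallow entry to (status, files that still mention its name)."""
    report = {}
    for path in disallowed_paths(robots_text):
        if "*" in path or "$" in path:          # wildcard rule, not a literal path
            report[path] = ("pattern", [])
            continue
        if os.path.exists(os.path.join(webroot, path.lstrip("/"))):
            report[path] = ("exists", [])
            continue
        # Stale entry: is its last path component referenced under another path?
        name = path.rstrip("/").rsplit("/", 1)[-1]
        hits = []
        for root, _dirs, files in os.walk(webroot):
            for fn in (f for f in files if f != "robots.txt"):
                full = os.path.join(root, fn)
                with open(full, errors="ignore") as fh:
                    if name in fh.read():
                        hits.append(os.path.relpath(full, webroot))
        report[path] = ("stale", sorted(hits))
    return report

# Constructed sample: robots.txt text and a throwaway webroot.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /admin/        # still present on disk
Disallow: /old-reports/  # directory was moved
Disallow: /tmp/*.bak
"""

def demo():
    with tempfile.TemporaryDirectory() as webroot:
        os.makedirs(os.path.join(webroot, "admin"))
        with open(os.path.join(webroot, "index.html"), "w") as fh:
            fh.write('<a href="/archive/old-reports/q4.html">Q4</a>')
        return audit(webroot, SAMPLE_ROBOTS)
```

Entries reported as `exists` need access control rather than a robots.txt line, and `stale` entries with hits show where the old name still leaks from the site's own pages.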