
Basic Directory Traversal

When digging into a system, it is always smart to look for an obvious lack of security instead of looking at holes within the security. In other words, if you want to poke around a system, look for the obvious, visible openings before engaging in actually attacking the security of the system. I look at this as being given access instead of gaining unauthorized access, which, legally, is a big difference. Now I am not a lawyer, but these are two completely different things in my

Basic directory traversal involves seeing what directories are publicly accessible without "breaking into" anything. More advanced forms of directory traversal involve using these basic principles to slide through security by using things like "/../" and hex codes to try and fool the software into allowing you access to directories that were not intended to be accessible.

But let’s stick to the basics for now. For example, depending on the type of web server running, you are probably familiar with the fact that there is a specific default directory structure that usually contains at least one subfolder called "images". No HTML is usually stored in this directory, but there are images there. You may click on a link from the main page to a page located at ". Again, I do not know the law, but I am sure it sides with the companies who own the sites. If the privileges are not set up properly, you can browse to the images directory and see all of the files contained within. Either the administrators are too lazy to lock that directory down, or they don’t even realize that it is publicly accessible. If we have the potential to go to jail, so should they. It is usually these directories that are unsecured. You might find directories called "content", "templates", "members", or pretty much anything. If you do, I think you as an administrator should be held responsible.

Take this one step further and see what other directories you can get into. They may be pages that are under construction, or pages that have been removed for one reason or another (when I say removed, I mean that the links were removed, but obviously the pages may still exist). Isn’t it hypocrisy to punish hackers for accessing a file yet not punish the host for releasing the file? They should be held accountable for their mistakes instead of blaming the hackers. Each one of these folders should be locked down to prevent unauthorized access.
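
An administrator's audit for the two exposures described above, added here as an example and not part of the original essay: it walks a document root and reports directories with no index file (which a server with automatic directory listing enabled would display in full) and files that no page reachable from the front page links to. The index file names, the function names and the sample site are assumptions constructed for the illustration.

```python
import os, posixpath, tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import unquote, urlsplit
INDEX_NAMES = ("index.html", "index.htm")  # assumption: the server's index file names

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        self.targets += [v for k, v in attrs if k in ("href", "src") and v]

def audit_docroot(root):
    """Return (dirs with no index file, files no page links to), root-relative."""
    files, listable = set(), []
    for dirpath, _dirs, names in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel = "" if rel == "." else rel + "/"
        if not any(n in names for n in INDEX_NAMES):  # listed when auto-indexing is on
            listable.append("/" + rel)
        files.update(rel + n for n in names)
    seen, queue = set(), [INDEX_NAMES[0]]  # follow links starting at the front page
    while queue:
        page = queue.pop()
        if page in seen or page not in files:
            continue  # visited, missing, or resolves outside the document root
        seen.add(page)
        if not page.endswith((".html", ".htm")):
            continue
        collector = LinkCollector()
        collector.feed(Path(root, page).read_text(encoding="utf-8", errors="replace"))
        for target in collector.targets:
            url = urlsplit(target)
            if url.scheme or url.netloc or not url.path:
                continue  # external link or bare fragment
            base = "" if url.path.startswith("/") else posixpath.dirname(page)
            queue.append(posixpath.normpath(posixpath.join(base, unquote(url.path).lstrip("/"))))
    return sorted(listable), sorted("/" + f for f in files - seen)

def demo():  # audits a constructed sample site built in a temporary directory
    site = {"index.html": '<a href="about.html">About</a><img src="images/logo.png">',
            "about.html": '<a href="/index.html">Home</a>', "images/logo.png": "",
            "images/banner_old.png": "", "members/roster.html": "<p>old page</p>"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in site.items():
            Path(tmp, name).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, name).write_text(body, encoding="utf-8")
        return audit_docroot(tmp)
```

On the sample site, `demo()` flags `/images/` and `/members/` as listable and reports `/images/banner_old.png` and `/members/roster.html` as still on disk with no link pointing to them.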

Approximate Word count = 781
Approximate Pages = 3 (250 words per page double spaced)


Copyright (c) 2001-2008 Mega Essays LLC, All rights reserved. DMCA