Web Application Security
RE: Directory Scanner
Feb 14 2012 02:09PM
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
Oops, one last comment,
If you implement option 2, do not show different error messages when
the file exists or when the user cannot access it; show a generic "document is
not available for you" or similar message. Otherwise, enumeration is
still possible although you cannot have immediate access to the do...
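The uniform-error advice in the message above, as an added Python example that is not part of the original post: a handler that answers differently for "missing" and "denied" next to one that returns the same generic response for both and records the real reason only in the server log. The document store, user names and function names are constructed for illustration.

```python
import logging

log = logging.getLogger("docs")

# Constructed sample store: document id -> (allowed users, content)
DOCS = {
    "q1-report": ({"alice"}, "Q1 numbers"),
    "handbook": ({"alice", "bob"}, "Staff handbook"),
}

# One response for every refusal, whatever the cause
GENERIC = (404, "Document is not available for you")


def fetch_leaky(user, doc_id):
    """Distinct answers: a caller can tell 'exists but denied' from 'missing'."""
    if doc_id not in DOCS:
        return (404, "File not found")
    allowed, content = DOCS[doc_id]
    if user not in allowed:
        return (403, "Access denied")
    return (200, content)


def fetch_uniform(user, doc_id):
    """Same status and body for missing and denied; the reason is only logged."""
    entry = DOCS.get(doc_id)
    if entry is None:
        reason = "missing"
    elif user not in entry[0]:
        reason = "denied"
    else:
        return (200, entry[1])
    # %r quotes the values so user-supplied text cannot forge log lines
    log.warning("document refused user=%r doc=%r reason=%s", user, doc_id, reason)
    return GENERIC


def distinguishable(fetch, user, existing_id, missing_id):
    """True if the two responses reveal which of the ids actually exists."""
    return fetch(user, existing_id) != fetch(user, missing_id)
```

Status code and body are only part of the response: headers and response time should also match across the two refusal paths.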
Copyright 2010, SecurityFocus