Web Application Security
RE: Directory Scanner Feb 14 2012 02:09PM
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
Oops one last comment,

If you implement option 2, do not show different error messages when
the file exists or when the user cannot access it, show a generic "document is
not available for you" or similar message. Otherwise, enumeration is
still possible although you cannot have immediate access to the do...

Copyright 2010, SecurityFocus