OWASP Mutillidae II: Keep Calm and Pwn On
|
|
|
|
Directory Browsing
|
Some web servers are misconfigured and allow directory browsing. This an easy mistake to make. While
most sites disable directory browsing on the "home" or root page, some allow browsing on other directories.
For each folder found in the site, attempt to browse to the folder without the page name. If using grep,
look for "Index Of" as a match. |
|
OWASP Mutillidae II seems to disallow directory browsing on the root page. Try browsing to
http://localhost/mutillidae. Likely this will load the home page. However, the site may not
be configured perfectly. Perhaps if a folder name was known, we could try to browse to that
folder (i.e. - http://localhost/mutillidae/<folder>).
If help is needed figuring out folder names, try activating hints.
|
|
|