Hi all,
One of my co-workers and I do web development on the side (independently, for the most part), and we double-check each other's work from a pseudo-pentesting standpoint. (The mandatory "I have permission and it's not that I'm up to no good" introduction!)
Anyway, he has set up a few very basic directories (simple html site), but what is perplexing me is this:
domain.com/main/index.html is the landing page for "domain.com", and it appears with the full path in the address bar.
domain.com/main/contact.html, etc are the rest of the "public" pages
domain.com/members is protected with .htpasswd, and is basically the same as the main directory
domain.com/members/index.html
domain.com/members/content.html
etc..
However:
"domain.com/terms-of-service" doesn't have a file extension. When I tried various extensions, it got even stranger:
.html shows the correct page, while .htm, .cfm, .asp/x, etc all result in a 404 error...
But...
domain.com/terms-of-service.php" results in a blank white page with "No input file specified", and the URL in the TITLE area.
I tried a few basic GET parameters, but don't seem to be getting anywhere. It would appear that there are two copies of the same file: a PHP version and an HTML version. The rest of the site is in HTML, so it doesn't make sense that he'd have PHP for the TOS and privacy policy... unless he made them .php out of habit lol
I'm still trying to wrap my head around this before I see him Monday and have to admit defeat... any thoughts? Do you think this could pose a weakness?
Strange file extension issue in web server
4 posts • Page 1 of 1
Strange file extension issue in web server
by senjespar on Wed Jun 22, 2011 11:56 am
([msg=58838]see Strange file extension issue in web server[/msg])
-Sen
-
senjespar - New User
- Posts: 3
- Joined: Mon Jun 13, 2011 1:59 pm
- Blog: View Blog (0)
Re: Strange file extension issue in web server
by dist0rted on Wed Jun 22, 2011 12:05 pm
([msg=58839]see Re: Strange file extension issue in web server[/msg])
FYI .htpasswd is very insecure and easily brute forced in most cases with minimal effort unless your passwords are extravigantly long. (Check out the THCHydra program and you'll see what I mean... 
)
That being said, definitely (unless he knows what you're up to and decided to throw you a curveball on purpose). I'd look for anything that mentions the TOS in the regular web site with any hint on whatever input it's looking for.
)That being said, definitely (unless he knows what you're up to and decided to throw you a curveball on purpose). I'd look for anything that mentions the TOS in the regular web site with any hint on whatever input it's looking for.
All knowledge is good; only the way it is put into action can be good or evil. - An ape from the original Planet of the Apes
Feel free to PM
Feel free to PM
-
dist0rted - New User
- Posts: 6
- Joined: Fri Dec 31, 2010 4:58 am
- Blog: View Blog (0)
Re: Strange file extension issue in web server
by Goatboy on Wed Jun 22, 2011 6:04 pm
([msg=58866]see Re: Strange file extension issue in web server[/msg])
I'm guessing that the TOS defaults to .html, so when you exclude the extension it works. Adding the extension makes no difference. Adding .php calls a different file which is expecting params. The default page is probably defined in a .htaccess file.
Mundus Vult Decipi
-
Goatboy - Expert
- Posts: 2443
- Joined: Mon Jul 07, 2008 9:35 pm
- Blog: View Blog (0)
Re: Strange file extension issue in web server
by senjespar on Fri Jun 24, 2011 12:41 pm
([msg=58954]see Re: Strange file extension issue in web server[/msg])
I'll check out any references to TOS in the site, and see if I can download the .htaccess file and go from there.
Thanks!
Thanks!
-Sen
-
senjespar - New User
- Posts: 3
- Joined: Mon Jun 13, 2011 1:59 pm
- Blog: View Blog (0)
4 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests