forked from webpwnized/mutillidae
-
Notifications
You must be signed in to change notification settings - Fork 1
/
directory-browsing.php
executable file
·30 lines (28 loc) · 1.26 KB
/
directory-browsing.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
<div class="page-title">Directory Browsing</div>
<?php include_once (__ROOT__.'/includes/back-button.inc');?>
<?php include_once (__ROOT__.'/includes/hints/hints-menu-wrapper.inc'); ?>
<table style="margin-left:auto; margin-right:auto; width: 600px;">
<tr>
<td class="form-header">Directory Browsing</td>
</tr>
<tr><td></td></tr>
<tr>
<td>Some web servers are misconfigured and allow directory browsing. This an easy mistake to make. While
most sites disable directory browsing on the "home" or root page, some allow browsing on other directories.
For each folder found in the site, attempt to browse to the folder without the page name. If using grep,
look for "Index Of" as a match.</td>
</tr>
<tr><td></td></tr>
<tr>
<td style="text-align:center;">
OWASP Mutillidae II seems to disallow directory browsing on the root page. Try browsing to
http://localhost/mutillidae. Likely this will load the home page. However, the site may not
be configured perfectly. Perhaps if a folder name was known, we could try to browse to that
folder (i.e. - http://localhost/mutillidae/<folder>).
<br>
<br>
If help is needed figuring out folder names, try activating hints.
</td>
</tr>
<tr><td> </td></tr>
</table>