Security bug

Sagar Gaikwad sagargaikwad4385 at gmail.com
Tue Apr 3 08:10:19 EDT 2018


*Bug*: Forced Directory Browsing / directory traversal

*Reference*:
https://www.owasp.org/index.php/Forced_browsing
https://www.owasp.org/index.php/Path_Traversal



Report produced on Tue Apr 03 17:36:34 IST 2018
--------------------------------

https://www.pidgin.im:443
--------------------------------
Directories found during testing:

Dirs found with a 200 response:

/
/download/
/about/
/img/
/support/
/security/
/support/
/shared/
/shared/img/
/projects/
/download/windows/
/download/linux/
/download/mac/
/download/source/
/wiki/
/shared/css/
/shared/js/
/news/security/
/mailman/
/shared/img/screens/
/shared/
/pipermail/
/shared/js/ie7/
/news/blogs/
/images/mailman/
/javascript/
/Projects/
/ChangeLog/
/win32/
/~elb/
/inc/
/~seanegan/
/~elb/blog/
/~kstange/
/~kstange/blog/
/javascript/excanvas/
/javascript/jquery/
/javascript/sphinxdoc/
/javascript/underscore/
/IMG/
/Wiki/
/~kstange/cgi-bin/
/javascript/sphinxdoc/1.0/
/Img/
/Shared/
/PROJECTS/

Dirs found with a 301 response:

/news/
/faq/
/docs/
/doc/
/documents/
/faqs/
/documentation/
/document/
/faq4/
/doctor-foto/
/faq15/
/faq13/
/faq1/
/docsis/
/doctor/
/docman/
/documentary/
/faq2/
/documentos/
/docu/
/docket/
/document_view/
/document_icon/
/gdb/
/doctorow/
/document_management/
/documenten/
/documenti/
/documentaries/
/docview/
/faq6/
/faq5/
/faq3/
/doctors/
/docid/
/faq-en/
/docroot/
/doctrine/
/faq_off/
/faq8/
/docDisplay/
/faq_icon/
/faq7/
/docbook/
/docomo/
/doctoral/
/documentacion/
/faqnew/
/faq_images/
/doc_view/
/docenti/
/faq_list/

Dirs found with a 500 response:

/~seanegan/blog/


--------------------------------
Files found during testing:

Files found with a 200 responce:

/shared/403.php
/shared/css/ie6.css
/shared/css/ie7.css
/shared/js/ie7-hacks.js
/shared/css/main.css
/shared/js/ie7/ie7-content.htc
/shared/js/ie7/ie7-css-strict.js
/shared/js/ie7/ie7-core.js
/shared/js/ie7/ie7-css2-selectors.js
/shared/js/ie7/ie7-css3-selectors.js
/shared/js/ie7/ie7-dhtml.js
/shared/js/ie7/ie7-dynamic-attributes.js
/shared/js/ie7/ie7-fixed.js
/shared/js/ie7/ie7-graphics.js
/shared/js/ie7/ie7-html4.js
/shared/js/ie7/ie7-ie5.js
/shared/js/ie7/ie7-layout.js
/shared/js/ie7/ie7-load.htc
/shared/js/ie7/ie7-object.htc
/shared/js/ie7/ie7-overflow.js
/shared/js/ie7/ie7-quirks.js
/shared/js/ie7/ie7-recalc.js
/shared/js/ie7/ie7-server.css
/shared/js/ie7/ie7-squish.js
/shared/js/ie7/ie7-xml-extras.js
/shared/js/ie7/ie7-standard-p.js
/~elb/771fc72b.asc
/~elb/newkey.txt.asc
/~elb/mtn-pubkey-elb.txt
/~seanegan/gtkimhtml2.tar.bz2
/~elb/mtn-pubkey-elb.txt.asc
/inc/header.inc
/~seanegan/status.php
/~seanegan/statusbox.tar.gz
/~elb/blog/gmail_dos.html
/~seanegan/seanegan.tar.gz
/~kstange/.htaccess
/~elb/blog/giving_back.html
/~elb/blog/help_us_help_you.html
/~elb/blog/terminals.html
/~elb/blog/book.html
/~elb/blog/architecture.html
/~elb/blog/going_public.html
/javascript/excanvas/excanvas.compiled.js
/javascript/excanvas/excanvas.js
/javascript/underscore/underscore.js
/javascript/sphinxdoc/index
/javascript/jquery/jquery.js
/javascript/excanvas/excanvas.min.js
/javascript/jquery/version.txt
/javascript/underscore/underscore.min.js
/javascript/jquery/jquery.lite.js
/javascript/jquery/jquery.min.js
/javascript/jquery/jquery.pack.js
/~kstange/cgi-bin/pyblosxom.cgi
/javascript/sphinxdoc/1.0/doctools.js
/javascript/sphinxdoc/1.0/searchtools.js
/javascript/sphinxdoc/1.0/jquery.js
/javascript/sphinxdoc/1.0/sidebar.js
/javascript/sphinxdoc/1.0/theme_extras.js
/javascript/sphinxdoc/1.0/underscore.js

Files found with a 500 responce:

/~kstange/cgi-bin/.htaccess


--------------------------------