Try this ressources if you can access files, but not listing them.
- http://pwnwiki.io/#!presence/windows/blind.md
In Apache and probably more systems you can “travel over” non-existing files because the path is shortened before checking the existence of a file. Example: /test/test.txt/../../index.html will return in an Apache the root’s index.html even if the test direcory and test file doesn’t exist.
Leave a Reply
You must be logged in to post a comment.