https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Sk9 2026-04-04T14:58:15Z User contributions MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=Forced_browsing&diff=19884 2007-07-15T17:19:58Z

<p>Sk9: /* Attack Description */</p> <hr /> <div>{{Template:Attack}}<br /> <br /> ==Attack Description==<br /> <br /> Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible.<br /> <br /> One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found. A related technique is to use a scanning tool like [http://www.ngolde.de/w3bfukk0r.html w3bfukk0r] or [[nikto]] to request common directories until a hidden file or directory is found.<br /> <br /> Another technique is to use manual penetration testing to attempt access to resources that are not referenced in the application. For example, an attacker might use [[WebScarab]] to change request parameters that specify the target resource.<br /> <br /> ==Related Threats==<br /> <br /> ==Related Vulnerabilities==<br /> <br /> [[Failure to verify authorization]]<br /> <br /> [[Failure to disable directory listings]]<br /> <br /> ==Related Countermeasures==<br /> <br /> [[:Category:Access Control | Access Control]]<br /> <br /> {{Template:Stub}}<br /> <br /> [[Category:Attack]]</div>

Sk9