0

Recently I was testing a website for vulnerabilities and I found that a URL disclosed following directory details. I wanted to prove to authorities that this is serious as .mdb file can be accessed but i don't know how.
I want to access it and prove it to them. Is there any way to access .mdb file ?

3cc63934b3b240301a9566736c3f83ad

Thanx.

4
Contributors
11
Replies
34
Views
4 Years
Discussion Span
Last Post by Rahul47
0

What do you mean you don't know how to prove this? You simply need to send a screenshot as you did here indicating that you' be discord that directory browsing is enabled. It's very easy to fix this issue.

You should be able to access any of the files listed.

0

I sent that screenshot, but dumbheads there are so lazy that they said it wont harm their website. LOL .
Am not worried anyway, but just wanted to save that cause its a university website and i dont want it to be spoiled.

0

What do you mean you don't know how to prove this?

I feel that it can be accessed but I haven't yet figured out HOW ? Thats what am googling for . .

0

An mdb can be accessed by MS Access, probably Excel too.

If you are a visitor and if you can see directory details of a website will you still be able to access it ?

0

When directory browsing is enabled and accessed by a browser, the files listed are generally listed as hyperlinks where you can click them and either open or download them. Is that not what you are seeing via your browser?

0

When directory browsing is enabled and accessed by a browser, the files listed are generally listed as hyperlinks where you can click them and either open or download them. Is that not what you are seeing via your browser?

Nope, am redirected to server Error Page. Saying,

Server Error in '/app' Application.

This type of page is not served.

Description: The type of page you have requested is not served because it has been explicitly forbidden. The extension '.mdb' may be incorrect. Please review the URL below and make sure that it is spelled correctly.

Requested URL: /App/app.mdb

0

ASP.NET will automatically protect certain folders such as App_Data, App_Code, etc... There are several. In addition, you can further secure using the web.config file as well.

It seems that in this instance the folder you are looking at is a typical folder without any of the default documents stored in that folder so the webserver lists the contents instead if page not found because directory browsing is enabled.

Edited by JorgeM

0

It seems that in this instance the folder you are looking at is a typical folder

Actually I changed original name to App not to disclose its directory name here. [ Privacy Concern ]

So how do i fetch that .mdb file ?

0

If nothing sensitive can be accessed from this particular directory (mdb files appear to already by protected), then there may not be an issue - however, there may be other directories that contain files that should not be accessed. Directory Browsing just makes it easier to discover the directory contents and find them, but does not directly mean they can be accesses. However, if the file name discloses sensitive information, then preventing access to the file might not be enough.

eg. Seeing a file called Plans_for_firing_1000_people.xls might not be desirable

0

If nothing sensitive can be accessed . . . .

I see you point.
FYI that mdb file contains result of university and I being student of university wanted to protect it.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.