Web app error messages.
- From: "Lee Lawson" <leejlawson@xxxxxxxxx>
- Date: Thu, 26 Oct 2006 15:17:25 +0100
Hi all,
I have recently conducted a web application penetration test for a
client and I am a little stuck as to the resolution advice I need to
give.
I have highlighted, among other things, the enumeration of 'hidden'
directories within the app. This is normally conducted by finding
Access Denied or Forbidden messages, but I have come across the
following message:
"Virtual Directory Listing Denied."
That is all that is displayed on the page! They are using asp and IIS.
What I need to know is:
what exactly is creating the error message? IIS? ASP? etc.
How to create a bespoke error message or preferably redirect the user
to the home page?
Thanks in advance.
--
Lee J Lawson
leejlawson@xxxxxxxxx
leejlawson@xxxxxxxxxxxx
"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."
"Quidquid latine dictum sit, altum sonatur."
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- Prev by Date: Commercial Wireless Pentesting Software
- Next by Date: RE: off-premise laptops
- Previous by thread: Commercial Wireless Pentesting Software
- Next by thread: RE: Web app error messages.
- Index(es):
Relevant Pages
|
|
