The HTTP GET attack
Feedback
A surprisingly simple security vulnerability can have massive implications: Files laying around on web servers, accessible for anyone to download.
Git repositories, database dumps, backup files of PHP scripts, configuration files with login credentials or core dumps from application crashes - there are various files that end up on webservers. By guessing common filenames it is very often possible to download secret data from web servers.
Links
Speakers for The HTTP GET attack:
Metadata for The HTTP GET attack
To be recorded: YesURLs for The HTTP GET attack
Recording: https://www.youtube.com/watch?v=y7xDHXTDtwo
Schedule for The HTTP GET attack
- Sunday, Aug 27th, 2017, 15:30 (CEST) - Sunday, Aug 27th, 2017, 16:30 (CEST) at Speakers Tent