Comments on: URL Obfuscation

By: alex the russian

alex the russian — Fri, 23 Apr 2010 03:41:52 +0000

note that if the server uses apache mod_userdir you can access a virtualhost site with the username which you can get if you get an error page on the site somehow. plenty of ways to do that. then you would just access the server with ip as stated in your post and ~user.

http://somesite.com/~user

that would give you the site if its on a virtualhost and has mod_userdir enabled, if the site is on like http://someother.com and is served from the user home dir.

I always disable that feature for security reasons obviously.
Thanks for your nice post.

By: dd

dd — Thu, 01 Jan 2009 19:43:24 +0000

let’s see if you guess my browser and os

By: satyadev

satyadev — Fri, 28 Sep 2007 13:57:25 +0000

Good Article …

By: URL Obfuscation Examples at InfoSecPodcast - Your Information Security source.

URL Obfuscation Examples at InfoSecPodcast - Your Information Security source. — Thu, 02 Nov 2006 01:25:51 +0000

[…] For a good explanation as to why this is and what URL obfuscation is used for, check out this post. […]

By: Jeremy

Jeremy — Mon, 04 Sep 2006 11:15:20 +0000

This reminds me of some XSS (Cross Site Scripting) fun. :-)

By: Luke

Luke — Mon, 04 Sep 2006 03:35:09 +0000

Thanks! :)

By: Andre

Andre — Mon, 04 Sep 2006 03:16:18 +0000

Nice article!