Closed dipakpanchal05 closed 3 years ago
I recently found this bypass. I got this directory /plesk-stat status code 301 (dirsearch) but when I opened it showing 403 Forbidden.
Chrome follows the redirect, but dirsearch doesn't. If you want, then use the -F
flag
And if some websites are not enabled directory listing that means the website is not misconfigured. but it is. so decided to submit these directories names which you should include in your list for bypass 403 restriction.
There are really few servers are opening for directory listing, but you know how people still able to find deep files and dirs? There is a technique, that dirsearch supports, called recursion. If folder folder/
exists, 99.99% of webservers will redirect you to http://target/folder/
when you hit http://target/folder
. So from here, you can keep brute-forcing http://target/folder/
until finding another folder or file. By using the -r
flag, you can have dirsearch scan recursively. You can try now with your target, and give me the feedback.
Of course, the scanning result depends a lot on your wordlist, so try having a good wordlist (dirsearch default is not bad)
Btw, I will still add those endpoints to dirsearch wordlist
thank you for adding endpoints.
Thanks, I'll check it out.
On Mon, May 17, 2021 at 5:41 PM Pham Sy Minh @.***> wrote:
Closed #841 https://github.com/maurosoria/dirsearch/issues/841.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/maurosoria/dirsearch/issues/841#event-4754202924, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHPYXBW26LKQQYSZOECQIS3TOEBXDANCNFSM45AGEO2Q .
I think you forgot to mention my name Contributors' list.
On Mon, May 17, 2021 at 9:09 PM Dipak Panchal @.***> wrote:
Thanks, I'll check it out.
On Mon, May 17, 2021 at 5:41 PM Pham Sy Minh @.***> wrote:
Closed #841 https://github.com/maurosoria/dirsearch/issues/841.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/maurosoria/dirsearch/issues/841#event-4754202924, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHPYXBW26LKQQYSZOECQIS3TOEBXDANCNFSM45AGEO2Q .
Feel free to submit a PR for it, I will merge then
What is the meaning of PR?
On Wed, May 19, 2021 at 4:33 PM Pham Sy Minh @.***> wrote:
Feel free to submit a PR for it, I will merge then
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/maurosoria/dirsearch/issues/841#issuecomment-843993583, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHPYXBU6NLOREIODTSQQNT3TOOLHNANCNFSM45AGEO2Q .
Pull Request
th3.d1p4k (https://instagram.com/th3.d1p4k)
What is the feature?
403 Bypass Plesk-stat
What is it?
I recently found this bypass. I got this directory /plesk-stat status code 301 (dirsearch) but when I opened it showing 403 Forbidden. Then I use dork. index of/plesk-stat
I found some directories. Listed Below.
/plesk-stat/anon_ftpstat/ /plesk-stat/ftpstat/ /webstat-ssl/ /webstat/
What is the use case?
In some cases user not aware of this functionality of Plesk-stat. And if some websites are not enabled directory listing that means the website is not misconfigured. but it is. so decided to submit these directories names which you should include in your list for bypass 403 restriction.
When and who will use this? Why this matters?
This matters because in very rare cases directory listing enabled. And these directories bypass the restriction and will give the result as we want.