both.. > Can you use this to DoS the server? consider that the server must process the requests.. i think it can be a DoS issue with enough length and quanity of the requests.
>Can you use this to gain access to areas on the server otherwise not available? many servers assume a call to "/somefolder/somefile.ext" is a trusted internal call. where http://theserver/somefolder/somefile.ext morning_wood http://exploitlabs.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
