Jason Kohles wrote: > > On Tue, Dec 04, 2001 at 12:59:42PM -0800, Jay D. Dyson wrote: > > > > Which begs the question: why would /admin or /password be linked > > from any publicly accessible page?? If they're not linked, they won't be > > spidered. Furthermore, any such page should have IP address restrictions > > in place as well as the login/pass challenge. > > > You would be amazed what gets spidered. I've seen test web servers where > the entire server wasn't linked from anywhere, yet ended up on google.
I've SEEN /etc/passwd files! Why? Dunno, but there it was. -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
