DZone

Whether you rely on them for business or personal use, we all interact with URLs every day. They are the gateway through which we provide and access information across the web, and because they are so universal, attackers constantly scrutinize them for security vulnerabilities. One risk that can be hard to spot is a URL that resolves to a server administration path; such a URL can become a target for remote access attacks. Server administration paths are high-risk URLs that web applications or databases use to specify the set of directories being accessed. Although they are common and convenient, they can open a window for malicious users to reach directories that should be off-limits.

These windows usually appear when a web developer has made a mistake in the access model of an application or site. Suppose a user requests a public file in a web browser via an HTTP GET request URL; once the file is retrieved, the user could apply educated guesswork to reach other files in the same directory by posing as an administrator. At that point the attacker can execute commands and expose confidential information. Rather than testing your URLs or paths for this vulnerability by hand, we will look at how you can use the following API in Java to check your paths for this risk automatically and avoid the consequences of an attack.
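As an added illustration of the check described above (example code written for this page, not the API the article goes on to describe), the following Java class normalizes a request path, decoding percent-encoding twice and resolving dot segments, and then tests whether the result lands under an administrative prefix. The prefix list and the sample URLs are assumed values for a hypothetical application.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;

/** Local check for requests that resolve to a server administration path (added example). */
public final class AdminPathCheck {

    // Assumed administrative prefixes for the hypothetical application; adjust to your deployment.
    static final List<String> ADMIN_PREFIXES = List.of("/admin", "/manager", "/console");

    /** Decodes percent-encoding twice (to catch double encoding) and resolves "." and ".." segments. */
    static String normalize(String rawPath) {
        String decoded = rawPath;
        for (int i = 0; i < 2; i++) {
            // '+' is literal in a path, so protect it from URLDecoder's form-encoding rule.
            decoded = URLDecoder.decode(decoded.replace("+", "%2B"), StandardCharsets.UTF_8);
        }
        decoded = decoded.replace('\\', '/');          // treat backslashes as separators
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : decoded.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) {                      // climb one level, never above root
                if (!segments.isEmpty()) segments.removeLast();
                continue;
            }
            segments.addLast(seg);
        }
        return "/" + String.join("/", segments);
    }

    /** Returns true when the normalized request path equals or sits below an administrative prefix. */
    static boolean isAdminPath(String url) {
        String path = URI.create(url).getRawPath();
        if (path == null) return false;
        String norm = normalize(path);
        for (String prefix : ADMIN_PREFIXES) {
            if (norm.equals(prefix) || norm.startsWith(prefix + "/")) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample requests: a public file, a traversal into the admin area, a double-encoded variant.
        String[] samples = {
            "https://example.com/public/report.pdf",
            "https://example.com/public/../admin/config",
            "https://example.com/public/%252e%252e/admin/config"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + (isAdminPath(s) ? "ADMIN PATH: block or require auth" : "ok"));
        }
    }
}
```

A check like this belongs in the request pipeline before any file lookup, so the decision is made on the canonical path rather than on whatever encoding the client chose.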
