[thelist] Can the Search Engines find an unlinked page?

Bob Meetin bobm at dottedi.biz
Sun Jul 13 15:51:10 CDT 2008


I visited the thread and site you note, but it looks like the writer 
must have already covered up this loophole - or I am missing something.  
I tried both the ?S=D and  ?M=A options on my site as well. It didn't 
reveal anything such as a file list and embarrass me =).  Does anyone 
have a test site where this can be verified, just curious?  -Bob

 evolt at brasscannon.net wrote:
> Quoth "Fred Jones" <fredthejonester at gmail.com>...
>
>   
>> I made a demo site called somesite.com/fred/
>>
>> There no link anywhere in the world to that page--in fact that only
>> people who ever saw it are me and my client. But he wants me now to
>> remove it because he says the search engines will find it and list it.
>> I am not opposed to removing it, but I think he's wrong. I see no way
>> for any search engine ever to find it. Am I wrong?
>>
>> Perhaps since he and I use gmail, Google is reading our email and
>> thereby finds it?
>>     
>
> No, it's much more straightforward and honest, depending on 
> how your web server is configured.
>
> See: "How Google indexed a file with no external link"
>  http://seclists.org/bugtraq/2001/Jul/0174.html
>
>  Summary:
>  Apache 1.3.20 with Multiviews enabled allows remote requests to
>  view directory contents and bypass the index page via a URL
>  containing the "M=D" query string.
>
> See what you get if you ask for http://somesite.com/fred?M=D
>
>   




More information about the thelist mailing list