Predictable Resource Location Enumeration
Variants:
Direct
Vector Type:
Attack
Relevance:
Generic
Layer:
Web-Infrastructure-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Hardening
Invented In:
01/01/1995
Added In:
03/12/2014
Vector Operation Method:
Functionality implemented in Hidden, dormant and unnecessary files found in predictable locations could be accessed by attackers that guess their URL address. May include content such as Default pages, code version control content, sequential file and directory names, administrative URLs, etc. Intentionally separated from the Old, backup and unreferenced files category due to multiple separate plugin implementations in scanners and slightly different detection techniques.
