Nytro Posted August 4, 2012 Report Posted August 4, 2012 HTExploit : Open Source Tool to Bypass Standard Directory Protection HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process to gain access to a protected directory contents. Presumably, if such an attack is successful, you can launch further attacks such as SQL Injection, Local File Inclusion, Remote File Inclusion, etc. on discovered files.Features of HTExploit:Multiples modules to execute.Save the output to an specify directory.HTML Reporting.Use multiples wordlist to probe against htaccess bypassing.Mode verbose for a full detailed information.Multi-platform and flexible.The vulnerability exists because web servers like Apache forward PHP-based requests within .htaccess to the PHP engine itself. The .htaccess file allows you to specify the requests get sent to PHP to try to interpret. However, on encountering non-standard input, PHP automatically treats it as a GET request, and allows the utility to start saving the PHP files on a webserver to your local filesystem, bypassing security restrictions!Download HTExploitSursa: HTExploit : Open Source Tool to Bypass Standard Directory Protection | Tools Yard - The Hacker News Quote
