The HTTP GET attack presented at SecT 2017

by Hanno Böck,

Summary : A surprisingly simple attack can lead to devastating consequences: simply trying to download files with common filenames one can find all kinds of things on web servers: Database dumps, Git repositories, private keys for HTTPS certificates, FTP and MySQL credentials.