Re: [Full-disclosure] [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer

Directory Traversal still alive? I mean, does your tool bypass Apache, IIS latest versions? Or it is applicable to IIS 4?

It would be nice to have new techniques, improve multi-byte encoders and so on.

Sent via BlackBerry from Danux Network

-----Original Message-----
From: "chr1x" <chr1x@xxxxxxxxxxxxx>
Date: Fri, 29 Oct 2010 23:47:20
To: <full-disclosure@xxxxxxxxxxxxxxxxx>; <websecurity@xxxxxxxxxxxxx>
Cc: <webappsec@xxxxxxxxxxxxxxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
CubilFelino Security Research Lab and Chatsubo (IN) Security Labs
proudly present...

DotDotPwn v2.1 - The Directory Traversal Fuzzer

Authors: Christian Navarrete (chr1x @ and
Alejandro Hernández H. (nitr0us @

Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences

Tool Description
It's a very flexible intelligent fuzzer to discover traversal directory
vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms
such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent
module to send the desired payload to the host and port specified. On
the other hand, it also could be used in a scripting way using the
STDOUT module.

It's written in perl programming language and can be run either under
*NIX or Windows platforms.

Fuzzing modules supported in this version:
- Payload (Protocol independent)

Discovered Vulnerabilities

- HTTP (4 security advisories)
* MultiThreaded HTTP Server @
* Wing FTP Server v3.4.3 @
* Yaws 1.89
* Mongoose 2.11

- FTP (2 security advisories)
* VicFTPS v5.0 @
* Home FTP Server vr1.11.1 (build 149) @

- TFTP (2 security advisories)
* TFTP Desktop 2.5 @
* TFTPDWIN v0.4.2 @

Official site:
Mirror site:

Contact: dotdotpwn@xxxxxxxxxxxxx

Vote for DotDotPwn as tool for next BackTrack release!! ->

Join us on IRC: #webappsec

Have a question? Search The Web Security Mailing List Archives:

Subscribe via RSS: [RSS Feed]

To unsubscribe email websecurity-unsubscribe@xxxxxxxxxxxxx and reply to
the confirmation email

Join WASC on LinkedIn

WASC on Twitter

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Relevant Pages

  • Re: Mac Server Hacked In Less Than 6 Hours
    ... Windows has RAS, and for it is built in since NT 3.1 ... | A typical IIS box and this Mac are not the same thing so the comparison ... IIS has been subject to quite a few bugs and so have ... Security isn't a proprietary attribute. ...
  • Re: DCOM calls fails - access denied
    ... That's exactly how I understood the ASP.NET security. ... But why does one configuration work but not the other? ... should get the token from IIS. ... If you set there a domain account, ...
  • Re: How to secure IIS?
    ... XP as well, because even if you don't install IIS, there are still a number ... If you think Windows 98 is secure, ... easy to attack, if there's no firewall... ... IIS security checklists] 3) install firewall and antivirus, ...
  • RE: .pdf security using ASP.NET security...
    ... I am wondering if using the aspnet_isapi.dll to handle PDF files security ... IIS has a list of Application Mappings which dictate whether a particular ... entries that tell aspnet_isapi.dll what to do with various file types. ... Files that do have app mappings require all the same steps, ...
  • Re: impact of mapping .??? to ASP.NET ISAPI???
    ... security issue, either from ASP.NET or IIS (this is something that my ISP ... > entries that tell aspnet_isapi.dll what to do with various file types. ... > process the request. ...