info on dir traversal techniques, any?
From: Chan Fook Sheng (chanfooksheng_at_pacific.net.sg)
Date: 05/03/04
- Previous message: Roshen Chandran: "paper on Nmap scanning speeds"
- Next in thread: H D Moore: "Re: info on dir traversal techniques, any?"
- Reply: H D Moore: "Re: info on dir traversal techniques, any?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 03 May 2004 19:16:32 +0800 To: pen-test@securityfocus.com
Hi
am doing some security audit for a customer, and i come across a web
application that accept a GET request with a parameter that I believe is
a filename on the filesystem of the web server.
I am trying to get the application to display any files on the
filesystem. I have ried appending %00 etc.. but to no avail.
Anyone knows of more techniques to try?
How can one determine whether a web application is opening files for
read, hence making it possible for directory traversal attack?
fs
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
- Previous message: Roshen Chandran: "paper on Nmap scanning speeds"
- Next in thread: H D Moore: "Re: info on dir traversal techniques, any?"
- Reply: H D Moore: "Re: info on dir traversal techniques, any?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
