Re: info on dir traversal techniques, any?
From: H D Moore (sflist_at_digitaloffense.net)
Date: 05/04/04
- Previous message: Javier Fernandez-Sanguino: "Re: MBSA scanner"
- In reply to: Chan Fook Sheng: "info on dir traversal techniques, any?"
- Next in thread: Chan Fook Sheng: "Re: info on dir traversal techniques, any?"
- Reply: Chan Fook Sheng: "Re: info on dir traversal techniques, any?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: pen-test@securityfocus.com Date: Tue, 4 May 2004 04:19:24 -0500
On Monday 03 May 2004 06:16, Chan Fook Sheng wrote:
> I am trying to get the application to display any files on the
> filesystem. I have ried appending %00 etc.. but to no avail.
> Anyone knows of more techniques to try?
For ASP scripts that pass user input directly into the FileSystemObject,
you can use unicode tricks to perform a directory traversal. This nice
thing about this attack is that there is no easy defense in the ASP
language; Microsoft's own "secure" ShowCode.asp was vulnerable to this
type of flaw. A sample traversal would look like:
somebustedcode.asp?mahfile=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
> How can one determine whether a web application is opening files for
> read, hence making it possible for directory traversal attack?
Try passing a variety of invalid names and look for a difference in the
returned error message. Using file names with reserved device names may
return a non-standard response, same goes for files which contain bytes
that are illegal in a file name...
-HD
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
- Previous message: Javier Fernandez-Sanguino: "Re: MBSA scanner"
- In reply to: Chan Fook Sheng: "info on dir traversal techniques, any?"
- Next in thread: Chan Fook Sheng: "Re: info on dir traversal techniques, any?"
- Reply: Chan Fook Sheng: "Re: info on dir traversal techniques, any?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
