Re: Web App Script Capture
- From: Jerome Athias <jerome.athias@xxxxxxx>
- Date: Fri, 02 Oct 2009 23:49:31 +0200
A very common (-kill me please-) "error" is
download.php?file=
or
upload.php?file=
What about
download.php?file=download.php
or
download.php?file=download.php%00.pdf
...
;p
/JA
What I want to demonstrate is that once I have path traversal, I can steal just
about anything -- except for script source code. I haven't figured out a
work-around for that problem (stealing source code). Thus, my question.
Jon
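Added example, not part of the original thread: a PHP resolver for a `download.php?file=` style parameter that rejects the requests quoted above (script names, NUL-byte suffixes, traversal) before any file is read. The function name, `ALLOWED_EXT` and the temporary directory layout are assumptions made for this illustration, and the sample inputs are constructed.

```php
<?php
// Hypothetical allowlist of downloadable extensions (assumption for this example).
const ALLOWED_EXT = ['pdf', 'txt', 'zip'];

// Returns the canonical path to serve, or null if the request must be refused.
function resolve_download(string $requested, string $root): ?string
{
    // A NUL byte (what %00 decodes to) must never reach filesystem calls.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // Canonicalise first so "..", symlinks and duplicate slashes are resolved.
    $full = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Confinement: the resolved path must still sit under the download root.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Extension allowlist, checked on the resolved name, keeps script source out.
    $ext = strtolower(pathinfo($full, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $full : null;
}

// Constructed demo tree: <tmp>/download.php next to <tmp>/files/report.pdf.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
@mkdir($base . '/files', 0700, true);
file_put_contents($base . '/files/report.pdf', 'sample');
file_put_contents($base . '/download.php', '<?php /* script source */');

// Constructed inputs, as PHP sees them after the web server has URL-decoded them.
$inputs = ['report.pdf', 'download.php', "download.php\0.pdf", '../download.php'];
foreach ($inputs as $in) {
    $out = resolve_download($in, $base . '/files');
    printf("%-24s => %s\n", addcslashes($in, "\0"), $out === null ? 'rejected' : 'served');
}
```

Only `report.pdf` is served; the other three requests are rejected, one by the NUL-byte check and the remaining two by path resolution, the root confinement check and the extension allowlist.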