directory traversal / slash escape
From: .merlin (neNOwsaSPlaAMska_at_nxPLEASEtg.net)
Date: 08/29/03
Date: Fri, 29 Aug 2003 14:08:39 GMT
Hello,
I've tested my website using an automated web security scanner
(nikto) which told me the service is vulnerable to directory traversal.
The example request:
http://site/_vti_bin/..%252f..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+
This test was made on a winnt4 server, with iis and frontpage installed,
with windows update regularly checked and patched if needed.
1) Do I have to consider this a real risk or not?
2) Considering the web server root is on another disk than the system,
I always thought it was impossible to switch to another disk through
that kind of command. Is this true or not?
Any answer appreciated ;)
.merlin
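
Added example, not part of the original post: the request quoted above hides its `../` segments under two layers of percent-encoding (`%252f` decodes to `%2f`, which decodes to `/`), so a log filter that decodes only once never sees them. The Python below decodes each request path until it is stable and reports the layer at which a `..` segment appears; the log format, the sample lines and the names `traversal_depth` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_PASSES = 4  # assumption: how many encoding layers to peel before giving up

# A ".." path segment bounded by a slash, a backslash, or the string edge.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def traversal_depth(request_target):
    """Return how many percent-decoding passes expose a ".." segment
    (0 = plainly visible), or None if none appears within MAX_PASSES."""
    path = request_target.split("?", 1)[0]   # inspect the path, not the query
    for depth in range(MAX_PASSES + 1):
        if TRAVERSAL.search(path):
            return depth
        decoded = unquote(path)
        if decoded == path:                   # nothing left to decode
            return None
        path = decoded
    return None

def scan(log_lines):
    """Yield (line_no, depth, target) for requests hiding a traversal."""
    for line_no, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 2:
            continue                          # not "METHOD TARGET ..." shaped
        depth = traversal_depth(fields[1])
        if depth is not None:
            yield line_no, depth, fields[1]

# Constructed sample log lines (simplified "METHOD TARGET STATUS" format).
SAMPLE_LOG = [
    "GET /index.html 200",
    "GET /docs/report%20v2..pdf 200",
    "GET /docs/../web.config 403",
    "GET /scripts/..%2f..%2fboot.ini 404",
    "GET /_vti_bin/..%252f..%252fwinnt/system32/cmd.exe?/c+ 404",
]

if __name__ == "__main__":
    for line_no, depth, target in scan(SAMPLE_LOG):
        label = "multi-layer encoding" if depth >= 2 else "traversal"
        print(f"line {line_no}: depth={depth} ({label}) {target}")
```

A depth of 2 or more is worth alerting on by itself, since ordinary clients have no reason to percent-encode a path separator twice.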