Nmap Development mailing list archives
Re: [NSE] Webservers Directory Traversal Vulnerability (under windows)
From: Gutek <ange.gutek () gmail com>
Date: Mon, 24 May 2010 19:04:09 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Indeed, the goal is the same : revealing a Dir Traversal. However I may be wrong but I think the two approaches are slightly different (without talking about linux vs. windows targets): - - http-passwd seems "generic" - oriented as it builds commonly seen ways of trying to reach /etc/passwd : escaping characters, salshing and anti-slashing - - http-win-dir-traversal is precisely oriented against payloads published. Let's say, "products - oriented" I have two hypothesis: - - H1, keeping those two appart, renaming http-win-dir-traversal to http-boot (to reflect the targeted file, as those two files are OS-symbolic and so self-speaking) - - H2 trying to merge those two approaches. I can imagine it could be possible (but a little bit hard, I guess) to, for example, try to guess the plateform and then launch a unix() or a windows() sub routine A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iPwEAQECAAYFAkv6sYkACgkQpPzCzCwmbje3gAb/VucHqrSY405hp14UiCu8dUDg a/4lhRkTe2Tnre0bGKZT8DhP7SEHKKv7bnEgmm7LwYOpz0pQQ0KTNIp8W3Z38/F3 iRf8WPjvtU/kOpKwGYyKFd0XB1rwLoLrNj7UdG4ND3kqX/AgRVhwKLFCZAhYhl0b BmqFikltSXviY3BRMUzwmsCb+Ublfig1CdAKqD6DiTfwJX/vdhCvfotD/Uzgys/m QkIiht4ugVuOyAjVzS+/6ki3dLmoZVosxvHwZjjeoMl2gaflkDCXZW42C60Ti3zV s8XFetwJRdXKfIFuD/4= =R79i -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (May 24)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Ron (May 24)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (May 24)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) David Fifield (Jun 18)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (Jun 19)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (Jun 19)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) David Fifield (Jun 22)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Gutek (May 24)
- Re: [NSE] Webservers Directory Traversal Vulnerability (under windows) Ron (May 24)