Nmap Development mailing list archives

Re: [NSE] Webservers Directory Traversal Vulnerability (under windows)


From: Gutek <ange.gutek () gmail com>
Date: Mon, 24 May 2010 19:04:09 +0200


Indeed, the goal is the same: revealing a Dir Traversal.
However, I may be wrong, but I think the two approaches are slightly
different (without talking about linux vs. windows targets):
- http-passwd seems "generic"-oriented, as it builds commonly seen ways
of trying to reach /etc/passwd: escaping characters, slashing and
anti-slashing
- http-win-dir-traversal is precisely oriented against published
payloads. Let's say, "products-oriented"

I have two hypotheses:
- H1, keeping those two apart, renaming http-win-dir-traversal to
http-boot (to reflect the targeted file, as those two files are
OS-symbolic and so self-speaking)
- H2, trying to merge those two approaches. I can imagine it could be
possible (but a little bit hard, I guess) to, for example, try to guess
the platform and then launch a unix() or a windows() subroutine
A.G.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

