WebApp Sec mailing list archives
Re: Platform specific error codes.
From: Zapotek <zapotekzsp () gmail com>
Date: Wed, 4 Oct 2006 13:57:45 +0300
Hi Eoin, Thanks for replying. If you meant this part : http://www.owasp.org/index.php/Analysis_about_error_codes it is indeed a small piece and I'd love to contribute once I have a decent error database. :) Regards, Zapotek. On 10/4/06, Eoin <eoinkeary () gmail com> wrote:
Hello, The OWASP testing guide has a small piece on error codes which may help but more needs to be added. If you would like to contribute please contact myself via the OWASP site. regards, Eoin On 03/10/06, Zapotek <zapotekzsp () gmail com> wrote: > Hello list, > > I'm kinda developing a web application security vulnerability scanner. > It's going to be open source with a metasploit-like interface. > > I have finished the interactive shell interface but I want the system to > be modularized, > so new recon techniques can be added using simple XML files. > > BUT, in order to identify vulnerabilities I need some error codes > generated by different platforms like Python/Perl/ASP/etc. during attacks. > > For example, if a PHP application has a file inclusion vulnerability > and the vulnerable variable is "file" the parameter: > "file=some_non_existent_file.foo" > Would trigger the error: > > *Warning*: include(some_non_existent_file.foo) [function.include <http://localhost/%7Ezapotek/fis/function.include>]: failed to open stream: No such file or directory in */home/zapotek/public_html/pen_test/vuln.php* on line *13 > > *I think you got what I'm saying. :) > > Regards, > Zapotek.* > * > > > ------------------------------------------------------------------------- > Sponsored by: Watchfire > > Watchfire has new programs available for pen testers and consultants to > use AppScan in client engagements. AppScan is the leading Web application > assessment tool. Want to see it for yourself? Take a look today! > > https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz > -------------------------------------------------------------------------- > > -- Eoin Keary OWASP - Ireland http://www.owasp.org/local/ireland.html
-- __________________________________________________________ http://www.segfault.gr ------------------------------------------------------------------------- Sponsored by: WatchfireWatchfire has new programs available for pen testers and consultants to use AppScan in client engagements. AppScan is the leading Web application assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz --------------------------------------------------------------------------
Current thread:
- Platform specific error codes. Zapotek (Oct 03)
- Re: Platform specific error codes. Eoin (Oct 04)
- Re: Platform specific error codes. Zapotek (Oct 04)
- Re: Platform specific error codes. Eoin (Oct 04)