Re: Directory Transversal

[jfvanmeter () comcast net]

The application that i'm testing has fuctionality that is like a web server in the way that I can make a connection via 
a web browser and it will send HTML content to the browser that shows the status of a process.

Currently i'm running Web Scarab and Wireshark to monitor the session and capture the packets. 

The service runs as "System" so I believe I have user rights that are assigned to "System", if thats not the case then 
it most be running as anonymous which I believe is include in the Everyone and Users groups.

Take Care and Have Fun --john


 -------------- Original message ----------------------
From: "Zed Qyves" <zqyves.spamtrap () gmail com>
> Hello John,
>
> The fact that you are getting a directory traversal should not mean
> anything else to you rather than you are getting outside the web root
> at least for reading files.
>
> As for PUT, what does the OPTIONS command tell you? Is PUT an enabled
> verb on the web server you are testing? otherwise you are not going to
> go anywhere with that. You can also check for WEBDAV verbs that may
> interest you...
>
> In any case to go outside the web root for writing files as well you
> need to have some help from the underlying O/S regaind file/directory
> permissions...
>
> Hope it helps,
> ZQ
>
> On 10/17/07, jfvanmeter () comcast net <jfvanmeter () comcast net> wrote:
> >  Hello everyone, I'm in the middle of a test on a app that the following 
> command works on
> > http://mycomputer:port#/..//..//..//..//..//..//..//windows/win.ini
> > and it will prompt me to save the file, if i check my packet capture I see the 
> contents of the file.
> > So far I've been unable to get a put or post command to work and was hoping to 
> get some ideas from you all on things to try.
> > I've been trying to get nc/telnet and some other tools to help me with the put 
> comand
> > Thanks in advance --John
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
>
>
> -- 
> ---------------------------------------------------------------------
> Κρέων
> ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
> ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
> Οιδίπους Τύρρανος [110]
> ---------------------------------------------------------------------
> Creon
> In this our land, so said he, those who seek  Shall find; unsought, we
> lose it utterly.
> Oedipus Rex [110]
> ---------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------