Penetration Testing mailing list archives
Re: Directory Transversal
From: jfvanmeter () comcast net
Date: Thu, 18 Oct 2007 11:29:24 +0000
The application that i'm testing has fuctionality that is like a web server in the way that I can make a connection via a web browser and it will send HTML content to the browser that shows the status of a process. Currently i'm running Web Scarab and Wireshark to monitor the session and capture the packets. The service runs as "System" so I believe I have user rights that are assigned to "System", if thats not the case then it most be running as anonymous which I believe is include in the Everyone and Users groups. Take Care and Have Fun --john -------------- Original message ---------------------- From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Hello John, The fact that you are getting a directory traversal should not mean anything else to you rather than you are getting outside the web root at least for reading files. As for PUT, what does the OPTIONS command tell you? Is PUT an enabled verb on the web server you are testing? otherwise you are not going to go anywhere with that. You can also check for WEBDAV verbs that may interest you... In any case to go outside the web root for writing files as well you need to have some help from the underlying O/S regaind file/directory permissions... Hope it helps, ZQ On 10/17/07, jfvanmeter () comcast net <jfvanmeter () comcast net> wrote:Hello everyone, I'm in the middle of a test on a app that the followingcommand works onhttp://mycomputer:port#/..//..//..//..//..//..//..//windows/win.ini and it will prompt me to save the file, if i check my packet capture I see thecontents of the file.So far I've been unable to get a put or post command to work and was hoping toget some ideas from you all on things to try.I've been trying to get nc/telnet and some other tools to help me with the putcomandThanks in advance --John ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads -------------------------------------------------------------------------- --------------------------------------------------------------------- ÎÏÎÏν á¼Î½ Ïá¿Î´á¾½ á¼ÏαÏκε γá¿Â· Ïὸ δὲ ζηÏοÏμενον á¼Î»ÏÏÏν, á¼ÎºÏεÏγειν δὲ Ïá¼Î¼ÎµÎ»Î¿Ïμενον. ÎιδίÏÎ¿Ï Ï Î¤ÏÏÏÎ±Î½Î¿Ï [110] --------------------------------------------------------------------- Creon In this our land, so said he, those who seek Shall find; unsought, we lose it utterly. Oedipus Rex [110] ---------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Directory Transversal jfvanmeter (Oct 18)
- Re: Directory Transversal Lee Lawson (Oct 19)
- Re: Directory Transversal Zed Qyves (Oct 19)
- Re: Directory Transversal pand0ra (Oct 19)
- <Possible follow-ups>
- Re: Directory Transversal jfvanmeter (Oct 19)
- RE: Directory Transversal jfvanmeter (Oct 19)
- re: Directory Transversal Sat Jagat Singh (Oct 19)
- Re: Directory Transversal jfvanmeter (Oct 19)
- RE: Directory Transversal Walsh, Leo (Oct 19)
- Re: Directory Transversal jfvanmeter (Oct 23)
- Re: Directory Transversal Zed Qyves (Oct 24)