Re: directory traversal vulnerability

["Lee Lawson" <leejlawson () gmail com>]

The error message that you posted may just be a pathname in the
verbose error message and not necessarily a directory traversal issue.

As part of a penetration test, I would report on the fact that a full
pathname is given in an error message, but it would not be very highly
rated.

If you could give us some more info on what you did to cause the error
and post the full text of the error message, maybe we can help more.

lee.

On 9 Mar 2008 03:02:26 -0000, <davemitch () mailinator com> wrote:
> hi List,
>
>
> how does one exploit directory traversal vulnearbility ?
>
>
> does this error message indicate such a vulnerability ?
>
> -----------------------------------------------
>
>
>
> E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\../includes/toplinks-archive-courses-spas.asp, line 1
>
> ________________________________________________
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------



-- 
Lee J Lawson
leejlawson () gmail com

"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."

"Faber est suae quisque fortunae"

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------