Penetration Testing mailing list archives
Re: directory traversal vulnerability
From: "Lee Lawson" <leejlawson () gmail com>
Date: Wed, 12 Mar 2008 09:09:43 +0000
The error message that you posted may just be a pathname in the verbose error message and not necessarily a directory traversal issue. As part of a penetration test, I would report on the fact that a full pathname is given in an error message, but it would not be very highly rated. If you could give us some more info on what you did to cause the error and post the full text of the error message, maybe we can help more. lee. On 9 Mar 2008 03:02:26 -0000, <davemitch () mailinator com> wrote:
hi List, how does one exploit directory traversal vulnearbility ? does this error message indicate such a vulnerability ? ----------------------------------------------- E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\../includes/toplinks-archive-courses-spas.asp, line 1 ________________________________________________ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- Lee J Lawson leejlawson () gmail com "Give a man a fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." "Quidquid latine dictum sit, altum sonatur." "Faber est suae quisque fortunae" ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- directory traversal vulnerability davemitch (Mar 12)
- Re: directory traversal vulnerability Lee Lawson (Mar 13)
- RE: directory traversal vulnerability Arian J. Evans (Mar 13)
- RE: directory traversal vulnerability Paul Melson (Mar 13)
- Re: directory traversal vulnerability Todd Haverkos (Mar 13)
- Re: directory traversal vulnerability Lee Lawson (Mar 13)