Penetration Testing mailing list archives

RE: directory traversal vulnerability


From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 12 Mar 2008 11:06:52 -0400

how does one exploit directory traversal vulnerability?

http://en.wikipedia.org/wiki/Directory_traversal


does this error message indicate such a vulnerability?
E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PAGES\
../includes/toplinks-archive-courses-spas.asp, line 1 

Maybe.  Try working your way up and back down to something like 
\inetpub\ftp and see where you get.  Also keep an eye on your 
server responses.  For instance, if you request something
that should be above the webroot directory and get a 404, 
then there's no directory traversal vulnerability.  But if
you get a 403, then I would say that there is, especially
if the error includes the path you were trying for.

PaulM
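
Added example, not part of the original post: a Python log-triage script that applies the status-code heuristic from the reply above to a site owner's own access log, flagging only requests whose `..` segments climb above the site root. The log layout, sample lines, function names and the "inspect" verdict for other status codes are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a simplified "method path status" layout
# (an assumption for this example, not a real server's log format).
SAMPLE_LOG = """\
GET /pages/index.asp 200
GET /pages/../includes/toplinks.asp 200
GET /pages/../../../ftp/ 403
GET /pages/..%2f..%2f..%2fftp/ 404
GET /pages/%252e%252e/%252e%252e/%252e%252e/x.txt 403
GET /images/logo.gif 404
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{3})$")

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '../' is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")  # treat Windows separators like '/'

def escapes_root(path):
    """True if the '..' segments climb above the site root at any point."""
    depth = 0
    for seg in decode_fully(path.split("?")[0]).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def triage(log_text):
    """Return (path, status, verdict) for each request that leaves the root."""
    # 404 / 403 follow the reply's heuristic; "inspect" is an added assumption.
    verdicts = {404: "no-traversal", 403: "likely-traversal"}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and escapes_root(m.group(2)):
            status = int(m.group(3))
            findings.append((m.group(2), status, verdicts.get(status, "inspect")))
    return findings
```

The in-root request for `/pages/../includes/toplinks.asp` is not flagged, since it never leaves the web root.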


