Penetration Testing mailing list archives
RE: directory traversal vulnerability
From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 12 Mar 2008 11:06:52 -0400
how does one exploit directory traversal vulnearbility ?
http://en.wikipedia.org/wiki/Directory_traversal
does this error message indicate such a vulnerability ? E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\ ../includes/toplinks-archive-courses-spas.asp, line 1
Maybe. Try working your way up and back down to something like \inetpub\ftp and see where you get. Also keep an eye on your server responses. For instance, if you request something that should be above the webroot directory and get a 404, then there's no directory traversal vulnerability. But if you get a 403, then I would say that there is, especially if the error includes the path you were trying for. PaulM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- directory traversal vulnerability davemitch (Mar 12)
- Re: directory traversal vulnerability Lee Lawson (Mar 13)
- RE: directory traversal vulnerability Arian J. Evans (Mar 13)
- RE: directory traversal vulnerability Paul Melson (Mar 13)
- Re: directory traversal vulnerability Todd Haverkos (Mar 13)
- Re: directory traversal vulnerability Lee Lawson (Mar 13)