Penetration Testing mailing list archives
RE: directory traversal vulnerability
From: "Arian J. Evans" <arian.evans () anachronic com>
Date: Thu, 13 Mar 2008 09:55:46 -0700
Dave -- you should post the VB script error for the list or this question makes no sense. That error is the key, as I told you over on the webappsec list. You might have better luck on an ASP Classic developer's list. Folks on this list may not be familiar with that VB/ASP error. I've been testing ASP apps for close to ten years, hence my confidence in my previous answer. It's a type mismatch -- which is fundamental and common to VB ASP apps. That's a standard old ASP classic error. Including the path is default behavior and has nothing to do with a dir trav, though I also included dir trav instructions for Windows in my last email that you can feel free to try. Stop using that little python wapati webapp scanner and start learning to manually test applications. I recommend starting by learning to read the source code. VB ASP is very easy. -ae On 9 Mar 2008 03:02:26 -0000, <davemitch () mailinator com> wrote:
hi List, how does one exploit directory traversal vulnearbility ? does this error message indicate such a vulnerability ? ----------------------------------------------- E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA
GES\../includes/toplinks-archive-courses-spas.asp, line 1
________________________________________________ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- Arian Evans software security stuff ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- directory traversal vulnerability davemitch (Mar 12)
- Re: directory traversal vulnerability Lee Lawson (Mar 13)
- RE: directory traversal vulnerability Arian J. Evans (Mar 13)
- RE: directory traversal vulnerability Paul Melson (Mar 13)
- Re: directory traversal vulnerability Todd Haverkos (Mar 13)
- Re: directory traversal vulnerability Lee Lawson (Mar 13)