WebApp Sec mailing list archives
Re: QUESTION....DOES THIS CONSIDER TO BE A BUG?
From: Bill Pennington <billp () boarder org>
Date: Tue, 9 Dec 2003 10:47:38 -0800
No this is not Directory Traversal.http://www.abs.co.il/../about.asp gets turned into http://www.abs.co.il/about.asp by the web server. You are not traversing any directories. You just happened to find a file with the same name in 2 locations on a web site. Happens all the time.
I cannot read hebrew so I don't know what the about.asp in the root directory says if it is disclosing some top secret message then maybe so are on to something but it is not Directory Traversal.
On Dec 9, 2003, at 10:25 AM, Rafel Ivgi wrote:
QUESTION....DOES THIS CONSIDER TO BE A BUG? http://www.abs.co.il/abs2003/about.asp http://www.abs.co.il/../about.asp even because about.asp exsists in the old folder.. Does it still considered as directory transversal? Thx, Rafel Ivgi, The-Insider.
--- Bill Pennington, CISSP, CCNA Chief Technology Officer WhiteHat Security Inc. http://www.whitehatsec.com
Current thread:
- QUESTION....DOES THIS CONSIDER TO BE A BUG? Rafel Ivgi (Dec 09)
- Re: QUESTION....DOES THIS CONSIDER TO BE A BUG? Bill Pennington (Dec 09)