WebApp Sec mailing list archives

Re: QUESTION....DOES THIS CONSIDER TO BE A BUG?


From: Bill Pennington <billp () boarder org>
Date: Tue, 9 Dec 2003 10:47:38 -0800

No, this is not Directory Traversal.

http://www.abs.co.il/../about.asp gets turned into http://www.abs.co.il/about.asp by the web server. You are not traversing any directories. You just happened to find a file with the same name in 2 locations on a web site. Happens all the time.

I cannot read Hebrew, so I don't know what the about.asp in the root directory says. If it is disclosing some top secret message then maybe you are on to something, but it is not Directory Traversal.

On Dec 9, 2003, at 10:25 AM, Rafel Ivgi wrote:

QUESTION....DOES THIS CONSIDER TO BE A BUG?
http://www.abs.co.il/abs2003/about.asp
http://www.abs.co.il/../about.asp
even because about.asp exists in the old folder..
Is it still considered directory traversal?
Thx, Rafel Ivgi, The-Insider.



---
Bill Pennington, CISSP, CCNA
Chief Technology Officer
WhiteHat Security Inc.
http://www.whitehatsec.com
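
The distinction drawn in the reply above, as an added example that is not part of the original thread: a server that removes dot segments before mapping the URL to a file never leaves its web root, while a handler that joins the raw path does. The web root `/srv/www` and all function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

DOCROOT = "/srv/www"  # assumed web root, not taken from the thread


def remove_dot_segments(path):
    """Collapse '.' and '..' in a URL path; '..' at the root is simply dropped.
    Simplified from RFC 3986 section 5.2.4 (empty segments are also dropped)."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()          # step up one level, never above the root
        elif seg not in ("", "."):
            out.append(seg)
    trailing = "/" if out and path.endswith("/") else ""
    return "/" + "/".join(out) + trailing


def served_path(url):
    """File a normalizing server maps the URL to (the behaviour described in the reply)."""
    norm = remove_dot_segments(unquote(urlsplit(url).path))
    return posixpath.join(DOCROOT, norm.lstrip("/"))


def naive_path(url):
    """File a handler would open if it joined the raw path without normalizing first."""
    return posixpath.normpath(DOCROOT + unquote(urlsplit(url).path))


def inside_docroot(fs_path):
    """The check that decides whether a request is a real traversal."""
    return fs_path == DOCROOT or fs_path.startswith(DOCROOT + "/")


if __name__ == "__main__":
    # The two URLs quoted in the thread.
    for url in ("http://www.abs.co.il/abs2003/about.asp",
                "http://www.abs.co.il/../about.asp"):
        for label, fn in (("normalized", served_path), ("naive", naive_path)):
            p = fn(url)
            print(f"{url:42} {label:10} {p:28} inside_docroot={inside_docroot(p)}")
```

Only the naive mapping of the second URL resolves outside the web root; with normalization, both URLs name ordinary files under it.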

