Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: directory traversal vulnerability

From: Todd Haverkos <fsbo () haverkos com>
Date: Thu, 13 Mar 2008 01:00:00 -0500
davemitch () mailinator com writes:


hi List,

how does one exploit directory traversal vulnearbility ?

does this error message indicate such a vulnerability ?
-----------------------------------------------


E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\../includes/toplinks-archive-courses-spas.asp, line 1 


Hi Dave, 

You really haven't given enough information there to say for sure, but
I'm leaning towards "no." 


If--by manipulating a filename parameter of a GET or POST request--you
can display a file outside of the web root, or in a protected
directory of the web root, then I'd say you have found a directory
traversal vulnerability.  But just getting some text in an error
message with a ../ in it doesn't quite qualify.





------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: