Penetration Testing mailing list archives
Re: Web App Script Capture
From: Jerome Athias <jerome.athias () free fr>
Date: Wed, 30 Sep 2009 11:48:58 +0200
Hi,

should this be an example to assume that we can answer "Yes" to your question?
http://www.securityfocus.com/bid/14764/discuss

/JA

On Tuesday 29 September 2009 at 09:00 -0400, Jon Kibler wrote:
All,

If you have a web app that has path traversal and null byte vulnerabilities, but not remote command execution or file upload, is there any way to manipulate the web server to allow remote retrieval of script source code (e.g., php, perl, asp) without it being executed by the web server?

TIA!!

Jon K.
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253