Penetration Testing mailing list archives
Re: Web App Script Capture
From: Jerome Athias <jerome.athias () free fr>
Date: Fri, 02 Oct 2009 23:49:31 +0200
A very common (-kill me please-) "error" is download.php?file= or upload.php?file=

What about download.php?file=download.php or download.php?file=download.php%00.pdf ... ;p

/JA
What I want to demonstrate is that once I have path traversal, I can steal just about anything -- except for script source code. I haven't figured out a work-around for that problem (stealing source code). Thus, my question.

Jon
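
The defender's side of the `download.php?file=` pattern named in the message above, as an added example that is not part of the original thread: a resolver that refuses the NUL-byte, traversal and script-extension values before any file is opened. `resolve_download`, `ALLOWED_EXT` and the throwaway demo directory are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Requires PHP 7.1+ for the nullable return type.
const ALLOWED_EXT = ['pdf', 'txt', 'csv'];   // assumed allowlist of served types

// Map a ?file= value to a path inside $root, or null when it must be refused.
function resolve_download(string $requested, string $root): ?string
{
    // Control bytes: "download.php%00.pdf" decodes to "download.php\0.pdf", which
    // ends in ".pdf" yet was opened as "download.php" by old PHP releases.
    if ($requested === '' || preg_match('/[\x00-\x1f\x7f]/', $requested)) {
        return null;
    }
    // Bare file names only: no separators of either style, no dot-files.
    if (strpbrk($requested, '/\\') !== false || $requested[0] === '.') {
        return null;
    }
    // Extension allowlist, so scripts are never returned as data.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Canonicalise (resolves symlinks) and confirm the result is still under $root.
    $rootReal = realpath($root);
    $real     = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($rootReal === false || $real === false || !is_file($real)) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a throwaway directory with one document and one script.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
@mkdir($root);
file_put_contents("$root/report.pdf", 'constructed sample');
file_put_contents("$root/download.php", '<?php /* constructed */');

$cases = ['report.pdf', 'download.php', "download.php\0.pdf", '../report.pdf', '..\\report.pdf'];
foreach ($cases as $c) {
    $shown = addcslashes($c, "\0..\37");   // make the NUL visible in the output
    printf("%-24s %s\n", $shown, resolve_download($c, $root) === null ? 'refused' : 'served');
}
```

Only `report.pdf` is served; the other four constructed values are refused.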