WebApp Sec mailing list archives
Re: Platform specific error codes.
From: Eoin <eoinkeary () gmail com>
Date: Wed, 4 Oct 2006 11:33:57 +0100
Hello, The OWASP testing guide has a small piece on error codes which may help but more needs to be added. If you would like to contribute please contact myself via the OWASP site. regards, Eoin On 03/10/06, Zapotek <zapotekzsp () gmail com> wrote:
Hello list, I'm kinda developing a web application security vulnerability scanner. It's going to be open source with a metasploit-like interface. I have finished the interactive shell interface but I want the system to be modularized, so new recon techniques can be added using simple XML files. BUT, in order to identify vulnerabilities I need some error codes generated by different platforms like Python/Perl/ASP/etc. during attacks. For example, if a PHP application has a file inclusion vulnerability and the vulnerable variable is "file" the parameter: "file=some_non_existent_file.foo" Would trigger the error: *Warning*: include(some_non_existent_file.foo) [function.include <http://localhost/%7Ezapotek/fis/function.include>]: failed to open stream: No such file or directory in */home/zapotek/public_html/pen_test/vuln.php* on line *13 *I think you got what I'm saying. :) Regards, Zapotek.* * ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire has new programs available for pen testers and consultants to use AppScan in client engagements. AppScan is the leading Web application assessment tool. Want to see it for yourself? Take a look today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz --------------------------------------------------------------------------
-- Eoin Keary OWASP - Ireland http://www.owasp.org/local/ireland.html ------------------------------------------------------------------------- Sponsored by: WatchfireWatchfire has new programs available for pen testers and consultants to use AppScan in client engagements. AppScan is the leading Web application assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz --------------------------------------------------------------------------
Current thread:
- Platform specific error codes. Zapotek (Oct 03)
- Re: Platform specific error codes. Eoin (Oct 04)
- Re: Platform specific error codes. Zapotek (Oct 04)
- Re: Platform specific error codes. Eoin (Oct 04)