WebApp Sec mailing list archives
post vulnerability scenario
From: davemitch () mailinator com
Date: 7 Mar 2008 04:52:11 -0000
hi list, on using wapiti (a vulnerability scanner for web applications) on an internal website, the output is a list of attack URLs like the one below hxxp://***.****.***.***/pages/abstract.asp?paperid=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini On pasting the URL in a browser, the error message is like this ___________________________________________________________________________________________________________ Microsoft VBScript runtime error '800a000d' Type mismatch: '[string: "¿'"("]' E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PAGES\../includes/toplinks-archive-courses-spas.asp, line 1 _____________________________________________________________________________________________________________ What needs to be done next to exploit the vulnerability detected by wapiti ? any suggestions or ideas are welcome. thankx ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- post vulnerability scenario davemitch (Mar 06)