WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

post vulnerability scenario

From: davemitch () mailinator com
Date: 7 Mar 2008 04:52:11 -0000
hi list,
on using wapiti (a vulnerability scanner for web applications) on an internal website, the output is a list of attack 
URLs like the one below

hxxp://***.****.***.***/pages/abstract.asp?paperid=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini

On pasting the URL in a browser, the error message is like this

___________________________________________________________________________________________________________
Microsoft VBScript runtime error '800a000d' 

Type mismatch: '[string: "¿'"("]' 

E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PAGES\../includes/toplinks-archive-courses-spas.asp, line 1
_____________________________________________________________________________________________________________

What needs to be done next to exploit the vulnerability detected by wapiti ? any suggestions or ideas are welcome.

thankx

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: