Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
From: "Arturo 'Buanzo' Busleiman" <buanzo () buanzo com ar>
Date: Thu, 04 Nov 2010 11:35:01 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Directory Traversal is not only a web-server vulnerability, neza0x. Webapps can be vulnerable as
well. Or 3rd party [nginx|apache|etc] modules, for that matter.

On 11/03/2010 05:49 PM, neza0x () gmail com wrote:
Directory Traversal still alive? I mean, does your tool bypass Apache, IIS latest versions? Or it is applicable to 
IIS 4?

It would be nice to have new techniques, improve multi-byte encoders and so on.

Sent via BlackBerry from Danux Network

-----Original Message-----
From: "chr1x" <chr1x () sectester net>
Date: Fri, 29 Oct 2010 23:47:20 
To: <full-disclosure () lists grok org uk>; <websecurity () webappsec org>
Cc: <webappsec () lists securityfocus com>; <bugtraq () securityfocus com>
Subject: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
CubilFelino Security Research Lab and Chatsubo (IN) Security Labs
proudly present...

DotDotPwn v2.1 - The Directory Traversal Fuzzer
===============================================

Authors: Christian Navarrete (chr1x @ http://chr1x.sectester.net) and
Alejandro Hernández H. (nitr0us @ http://chatsubo-labs.blogspot.com)

Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences
2010)

Tool Description
================
It's a very flexible intelligent fuzzer to discover traversal directory
vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms
such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent
module to send the desired payload to the host and port specified. On
the other hand, it also could be used in a scripting way using the
STDOUT module.

It's written in perl programming language and can be run either under
*NIX or Windows platforms. 

Fuzzing modules supported in this version: 
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT

Discovered Vulnerabilities
==========================

- HTTP (4 security advisories)
        * MultiThreaded HTTP Server @
http://www.inj3ct0r.com/exploits/11894
        * Wing FTP Server v3.4.3 @
http://packetstormsecurity.org/1005-exploits/wingftp-traversal.txt
      * Yaws 1.89
      * Mongoose 2.11
 
- FTP (2 security advisories)
        * VicFTPS v5.0 @ http://www.inj3ct0r.com/exploits/12131
      * Home FTP Server vr1.11.1 (build 149) @
http://www.exploit-db.com/exploits/15349

- TFTP (2 security advisories)
        * TFTP Desktop 2.5 @ http://www.exploit-db.com/exploits/14857
        * TFTPDWIN v0.4.2 @ http://www.exploit-db.com/exploits/14856


Download
========
Official site: http://dotdotpwn.sectester.net
Mirror site: http://chatsubo-labs.blogspot.com

Contact
=======
Contact: dotdotpwn () sectester net

Vote for DotDotPwn as tool for next BackTrack release!! ->
http://www.backtrack-linux.org/forums/tool-requests/32082-dotdotpwn.html


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscribe () webappsec org and reply to
the confirmation email

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates



- -- 
Arturo "Buanzo" Busleiman :.
Independent Linux and Security Consultant - OWASP - SANS - OISSG .
http://www.buanzo.com.ar/pro/eng.html                           ..:
http://www.cervezacicuta.com.ar - "LA" Cerveza Artesanal de Villa Bosch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAkzSxJUACgkQAlpOsGhXcE1K5ACdEmzYELsPRhM7KE6Bpy4FHbLZ
lXEAn0dp6zsGR40SNmluN031oFAHnOsp
=FGhN
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]