Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: directory traversal vulnerability
From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 12 Mar 2008 11:06:52 -0400

how does one exploit directory traversal vulnearbility ?

http://en.wikipedia.org/wiki/Directory_traversal


does this error message indicate such a vulnerability ?
E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\
../includes/toplinks-archive-courses-spas.asp, line 1 

Maybe.  Try working your way up and back down to something like 
\inetpub\ftp and see where you get.  Also keep an eye on your 
server responses.  For instance, if you request something
that should be above the webroot directory and get a 404, 
then there's no directory traversal vulnerability.  But if
you get a 403, then I would say that there is, especially
if the error includes the path you were trying for.

PaulM



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault