Home page logo

pen-test logo Penetration Testing mailing list archives

Re: directory traversal vulnerability
From: Todd Haverkos <fsbo () haverkos com>
Date: Thu, 13 Mar 2008 01:00:00 -0500

davemitch () mailinator com writes:

hi List,

how does one exploit directory traversal vulnearbility ?

does this error message indicate such a vulnerability ?

E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\../includes/toplinks-archive-courses-spas.asp, line 1 

Hi Dave, 

You really haven't given enough information there to say for sure, but
I'm leaning towards "no." 

If--by manipulating a filename parameter of a GET or POST request--you
can display a file outside of the web root, or in a protected
directory of the web root, then I'd say you have found a directory
traversal vulnerability.  But just getting some text in an error
message with a ../ in it doesn't quite qualify.

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]