Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: directory traversal vulnerability
From: "Arian J. Evans" <arian.evans () anachronic com>
Date: Thu, 13 Mar 2008 09:55:46 -0700

Dave -- you should post the VB script error for the list
or this question makes no sense. That error is the key,
as I told you over on the webappsec list.

You might have better luck on an ASP Classic developer's list.

Folks on this list may not be familiar with that VB/ASP error.

I've been testing ASP apps for close to ten years, hence
my confidence in my previous answer.

It's a type mismatch -- which is fundamental and common
to VB ASP apps.

That's a standard old ASP classic error. Including
the path is default behavior and has nothing to do
with a dir trav, though I also included dir trav
instructions for Windows in my last email that you
can feel free to try.

Stop using that little python wapati webapp scanner
and start learning to manually test applications.
I recommend starting by learning to read the source
code. VB ASP is very easy.

-ae


On 9 Mar 2008 03:02:26 -0000,  <davemitch () mailinator com> wrote:
hi List,



 how does one exploit directory traversal vulnearbility ?



 does this error message indicate such a vulnerability ?

 -----------------------------------------------





 E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA
GES\../includes/toplinks-archive-courses-spas.asp, line 1

 ________________________________________________




 ------------------------------------------------------------------------
 This list is sponsored by: Cenzic

 Need to secure your web apps NOW?
 Cenzic finds more, "real" vulnerabilities fast.
 Click to try it, buy it or download a solution FREE today!

 http://www.cenzic.com/downloads
 ------------------------------------------------------------------------





--
Arian Evans
software security stuff


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]