('binary' encoding is not supported, stored as-is)
hi list,
on using wapiti (a vulnerability scanner for web applications) on an internal website, the output is a list of attack URLs like the one below
hxxp://***.****.***.***/pages/abstract.asp?paperid=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini
On pasting the URL in a browser, the error message is like this
___________________________________________________________________________________________________________
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "¿'"("]'
E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PAGES\../includes/toplinks-archive-courses-spas.asp, line 1
_____________________________________________________________________________________________________________
What needs to be done next to exploit the vulnerability detected by wapiti ? any suggestions or ideas are welcome.
thankx
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Mar 06 2008
Intro
