WebApp Sec: AW: post vulnerability scenario

AW: post vulnerability scenario

From: Martin Muench <mmuench_at_it-sec.de>
Date: Wed, 12 Mar 2008 15:42:16 +0100

Well, this attack will never work because Wapiti is trying to include the
file boot.ini which is (as far as I know but I'm not a Windows expert)
always on drive c:

The error message shows that the INETPUB directory is on drive E: so
a simple directory traversal attack won't work (at least for this file).

--cut--
This runtime error, 800A000D occurs when you execute a VBScript. My
suggestion is that there is a VBScript statement that does not understand a
keyword you are using in your script. Alternatively, you may not be running
the script as an ordinary user and not as an Administrator.
--cut--
Source: http://www.computerperformance.co.uk/Logon/code/code_800A000D.htm

If you have access to the system you are testing, search for a file
on drive e: (maybe a txt or asp file which is part of the application) and
modify the wapiti URL.

Or (better) look at the source code of toplinks-archive-courses-spas.asp

Hope that helps...

Martin

-----Original Message-----
From: davemitch_at_mailinator.com [mailto:davemitch_at_mailinator.com]
Sent: Friday, 7 March 2008 05:40
To: webappsec_at_securityfocus.com
Subject: post vulnerability scenario

hi list,
on using wapiti (a vulnerability scanner for web applications) on an
internal website, the output is a list of attack URLs like the one below

hxxp://***.****.***.***/pages/abstract.asp?paperid=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini

On pasting the URL in a browser, the error message is like this

____________________________________________________________________________
Microsoft VBScript runtime error '800a000d'

Type mismatch: '[string: "¿'"("]'

E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PAGES\../includes/toplinks-archive-courses-spas.asp, line 1
____________________________________________________________________________

What needs to be done next to exploit the vulnerability detected by wapiti?
Any suggestions or ideas are welcome.

thankx

Received on Mar 12 2008
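
Added example, not part of the original thread: a small triage helper for the scanner finding discussed above. It shows why a relative "../" path stays on the drive it starts from, and why a VBScript error page is not proof that a file was read. The script directory (with a placeholder for the masked vhost name), the naive concatenation model and the function names are assumptions made for illustration.

```python
import ntpath
from urllib.parse import unquote

# Constructed inputs modelled on the thread; the vhost name is a placeholder.
SCRIPT_DIR = r"E:\INETPUB\VHOSTS\<masked-vhost>\HTTPDOCS\WEBROOT\PAGES"
PROBE = "..%2F" * 10 + "boot.ini"      # paperid value from the scanner URL
EXPECTED = r"C:\boot.ini"              # file the probe was meant to read
RESPONSE = ("Microsoft VBScript runtime error '800a000d'\n"
            "Type mismatch\n")         # abbreviated error page from the post


def resolve(script_dir, raw_param):
    """Path that a naive script_dir + parameter join would name (assumed model)."""
    return ntpath.normpath(ntpath.join(script_dir, unquote(raw_param)))


def triage(script_dir, raw_param, expected, body):
    """Classify a traversal finding from the probe and the response body."""
    resolved = resolve(script_dir, raw_param)
    same_drive = (ntpath.splitdrive(resolved)[0].lower()
                  == ntpath.splitdrive(expected)[0].lower())
    reaches = ntpath.normcase(resolved) == ntpath.normcase(expected)
    text = body.lower()
    # boot.ini contains a "[boot loader]" section; an error page does not.
    if "[boot loader]" in text:
        verdict = "confirmed"
    elif "runtime error" in text:
        verdict = "unconfirmed: error page, no file content"
    else:
        verdict = "unconfirmed"
    return {"resolved": resolved, "same_drive": same_drive,
            "reaches_expected": reaches, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SCRIPT_DIR, PROBE, EXPECTED, RESPONSE).items():
        print(f"{key}: {value}")
```
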
