Re: directory traversal vulnerability

From: Lee Lawson (leejlawson@gmail.com)
Date: Wed Mar 12 2008 - 04:09:43 EST


The error message that you posted may just be a pathname in the
verbose error message and not necessarily a directory traversal issue.

As part of a penetration test, I would report on the fact that a full
pathname is given in an error message, but it would not be very highly
rated.

If you could give us some more info on what you did to cause the error
and post the full text of the error message, maybe we can help more.

lee.

On 9 Mar 2008 03:02:26 -0000, <davemitch@mailinator.com> wrote:
> hi List,
>
>
> how does one exploit directory traversal vulnearbility ?
>
>
> does this error message indicate such a vulnerability ?
>
> -----------------------------------------------
>
>
>
> E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\../includes/toplinks-archive-courses-spas.asp, line 1
>
> ________________________________________________
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

-- 
Lee J Lawson
leejlawson@gmail.com
"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."
"Quidquid latine dictum sit, altum sonatur."
"Faber est suae quisque fortunae"
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:27 EDT