Hello John,
The fact that you are getting a directory traversal should not mean
anything else to you rather than you are getting outside the web root
at least for reading files.
As for PUT, what does the OPTIONS command tell you? Is PUT an enabled
verb on the web server you are testing? otherwise you are not going to
go anywhere with that. You can also check for WEBDAV verbs that may
interest you...
In any case to go outside the web root for writing files as well you
need to have some help from the underlying O/S regaind file/directory
permissions...
Hope it helps,
ZQ
On 10/17/07, jfvanmeter@comcast.net <jfvanmeter@comcast.net> wrote:
Hello everyone, I'm in the middle of a test on a app that the following
command works on
http://mycomputer:port#/..//..//..//..//..//..//..//windows/win.ini
and it will prompt me to save the file, if i check my packet capture I see
the contents of the file.
So far I've been unable to get a put or post command to work and was hoping
to get some ideas from you all on things to try.
I've been trying to get nc/telnet and some other tools to help me with the
put comand
Thanks in advance --John
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
--
---------------------------------------------------------------------
ÎÏÎÏÎ
áÎ ÏáÎá áÏÎÏÎÎ Îá Ïá Îá ÎÎÏÎÏÎÎÎÎÎ
áÎÏÏÏÎ, áÎÏÎÏÎÎÎÎ Îá ÏáÎÎÎÎÏÎÎÎÎÎ.
ÎÎÎÎÏÎÏÏ ÎÏÏÏÎÎÎÏ [110]
---------------------------------------------------------------------
Creon
In this our land, so said he, those who seek Shall find; unsought, we
lose it utterly.
Oedipus Rex [110]
---------------------------------------------------------------------
