Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: directory traversal vulnerability

from [Lee Lawson] Network Security [Permanent Link]
Subject: Re: directory traversal vulnerability
Date: Wed, 12 Mar 2008 09:09:43 +0000 
The error message that you posted may just be a pathname in the
verbose error message and not necessarily a directory traversal issue.

As part of a penetration test, I would report on the fact that a full
pathname is given in an error message, but it would not be very highly
rated.

If you could give us some more info on what you did to cause the error
and post the full text of the error message, maybe we can help more.

lee.

On 9 Mar 2008 03:02:26 -0000, <davemitch@mailinator.com> wrote:

hi List,


how does one exploit directory traversal vulnearbility ?


does this error message indicate such a vulnerability ?

-----------------------------------------------



E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA 
GES\../includes/toplinks-archive-courses-spas.asp, line 1

________________________________________________



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------






-- 
Lee J Lawson
leejlawson@gmail.com

"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."

"Faber est suae quisque fortunae"

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Inguma version 0.0.7.2 released, Joxean Koret
Next by Date:  Re: Citrix application breakout - take care of Microsoft calculator, sherwyn . williams
Previous by Thread:  directory traversal vulnerability, davemitch
Next by Thread:  RE: directory traversal vulnerability, Arian J. Evans
Indexes:  [Date] [Thread] [Top] [All Lists]