Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Platform specific error codes.

from [Eoin] Network Security [Permanent Link]
Subject: Re: Platform specific error codes.
Date: Wed, 4 Oct 2006 11:33:57 +0100 
Hello,
The OWASP testing guide has a small piece on error codes which may
help but more needs to be added. If you would like to contribute
please contact myself via the OWASP site.
regards,
Eoin

On 03/10/06, Zapotek <zapotekzsp@gmail.com> wrote: 
Hello list,

I'm kinda developing a web application security vulnerability scanner.
It's going to be open source with a metasploit-like interface.

I have finished the interactive shell interface but I want the system to
be modularized,
so new recon techniques can be added using simple XML files.

BUT, in order to identify vulnerabilities I need some error codes
generated by different platforms like Python/Perl/ASP/etc. during attacks.

For example, if a PHP application has a file inclusion vulnerability
and the vulnerable variable is "file" the parameter:
"file=some_non_existent_file.foo"
Would trigger the error:

*Warning*:  include(some_non_existent_file.foo) [function.include 
<http://localhost/%7Ezapotek/fis/function.include>]: failed to open stream: No 
such file or directory in */home/zapotek/public_html/pen_test/vuln.php* on line *13

*I think you got what I'm saying. :)

Regards,
Zapotek.*
*


-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire has new programs available for pen testers and consultants to
use AppScan in client engagements. AppScan is the leading Web application
assessment tool. Want to see it for yourself? Take a look today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------




--
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire has new programs available for pen testers and consultants to use AppScan in client engagements. AppScan is the leading Web application assessment tool. Want to see it for yourself? Take a look today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning), Nish Bhalla
Next by Date:  Re: Platform specific error codes., Zapotek
Previous by Thread:  Platform specific error codes., Zapotek
Next by Thread:  Re: Platform specific error codes., Zapotek
Indexes:  [Date] [Thread] [Top] [All Lists]