RE: directory traversal vulnerability

From: Paul Melson (pmelson@gmail.com)
Date: Wed Mar 12 2008 - 10:06:52 EST


> how does one exploit directory traversal vulnerability?

http://en.wikipedia.org/wiki/Directory_traversal

> does this error message indicate such a vulnerability ?
> E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PAGES\
> ../includes/toplinks-archive-courses-spas.asp, line 1

Maybe. Try working your way up and back down to something like
\inetpub\ftp and see where you get. Also keep an eye on your
server responses. For instance, if you request something
that should be above the webroot directory and get a 404,
then there's no directory traversal vulnerability. But if
you get a 403, then I would say that there is, especially
if the error includes the path you were trying for.

PaulM
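
An added example, not part of the original message: a defender-side log triage that applies the 404-versus-403 reading described above to requests containing a ".." segment, raw or percent-encoded. The log layout, addresses and paths are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a simplified W3C-style layout (an assumption):
# date time client-ip method uri-stem status
SAMPLE_LOG = """\
2008-03-12 10:01:02 192.0.2.10 GET /pages/index.asp 200
2008-03-12 10:01:09 192.0.2.44 GET /pages/../../ftp/ 403
2008-03-12 10:01:15 192.0.2.44 GET /pages/..%5c..%5cftp/ 404
2008-03-12 10:01:21 192.0.2.44 GET /pages/%252e%252e/%252e%252e/ftp/ 403
2008-03-12 10:02:00 192.0.2.77 GET /includes/toplinks.asp 404
"""

# A ".." path segment bounded by either slash style or by the string ends.
DOTDOT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def has_traversal(uri, max_decodes=3):
    """True if the URI holds a '..' segment, raw or (multiply) percent-encoded."""
    for _ in range(max_decodes + 1):
        if DOTDOT.search(uri):
            return True
        decoded = unquote(uri)
        if decoded == uri:      # nothing left to decode
            break
        uri = decoded
    return False

def triage(log_text):
    """Return (client, uri, status, verdict) for each traversal-shaped request."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:    # skip headers and malformed lines
            continue
        _date, _time, client, _method, uri, status = fields
        if not has_traversal(uri):
            continue
        if status == "404":
            verdict = "404: by the post's heuristic, not vulnerable"
        elif status == "403":
            verdict = "403: by the post's heuristic, likely vulnerable; review"
        else:
            verdict = "other status: inspect manually"
        findings.append((client, uri, status, verdict))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row, sep="  ")
```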




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:27 EDT