From: Todd Haverkos (fsbo@haverkos.com)
Date: Thu Mar 13 2008 - 01:00:00 EST
davemitch@mailinator.com writes:
> hi List,
>
> how does one exploit directory traversal vulnearbility ?
>
> does this error message indicate such a vulnerability ?
> -----------------------------------------------
>
>
> E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\../includes/toplinks-archive-courses-spas.asp, line 1
Hi Dave,
You really haven't given enough information there to say for sure, but
I'm leaning towards "no."
If--by manipulating a filename parameter of a GET or POST request--you
can display a file outside of the web root, or in a protected
directory of the web root, then I'd say you have found a directory
traversal vulnerability. But just getting some text in an error
message with a ../ in it doesn't quite qualify.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:27 EDT