List: websecurity
Subject: SV: [WEB SECURITY] local file inclusion and path transversal
From: David Jacoby <David.Jacoby () truesec ! se>
Date: 2010-02-15 12:14:35
Message-ID: B45A338323F2F44D83CE47B43E847E070109A5EA3FFD () TS-SRV-003 ! internal ! truesec ! com
Hey Guys,
I published a whitepaper, not so long ago, about how to get command execution through
file inclusion vulnerabilities on PHP-based web applications through log poisoning
attacks via /proc on *NIX-based operating systems.
http://www.vulndev.se/alternatrive-ways-to-exploit-file-include.pdf
I will update it some day with some SELinux (default policy) bypassing stuff.
Best regards,
David Jacoby
--------------------------------------------------------------------------------
David Jacoby - Truesec AB
Unix/Linux and alternative systems
Mobile: +46-(0)709-183011
--------------------------------------------------------------------------------
________________________________________
From: Daniele Bellucci [daniele.bellucci@gmail.com]
Sent: 14 February 2010 20:17
To: Miguel González Castaños
Cc: websecurity@webappsec.org
Subject: Re: [WEB SECURITY] local file inclusion and path transversal
Have a look at wfuzz, then the wordlist:
http://www.ikkisoft.com/stuff/dirTraversal.txt
2010/2/14 Miguel González Castaños <miguel_3_gonzalez@yahoo.es>:
> Hi all,
>
> I keep on studying different hacking techniques. The next assignment is to
> scan a website to find local file inclusion and path transversal
> vulnerabilities. I have used the free edition of n-stalker, acunetix and
> nikto and I haven't found anything. Any howto or (free) vulnerability
> scanner anyone of you recommend me?
>
> Thanks,
>
> Miguel
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>