
List:       websecurity
Subject:    SV: [WEB SECURITY] local file inclusion and path transversal
From:       David Jacoby <David.Jacoby () truesec ! se>
Date:       2010-02-15 12:14:35
Message-ID: B45A338323F2F44D83CE47B43E847E070109A5EA3FFD () TS-SRV-003 ! internal ! truesec ! com

Hey Guys,

I published a whitepaper, not so long ago, about how to get command execution through
file inclusion vulnerabilities on PHP-based web applications through log poisoning
attacks via /proc on *NIX-based operating systems.

http://www.vulndev.se/alternatrive-ways-to-exploit-file-include.pdf

I will update it some day with some SELinux (default policy) bypassing stuff. 

Best regards,
David Jacoby



--------------------------------------------------------------------------------
David Jacoby - Truesec AB
Unix/Linux and alternative systems

Mobil: +46-(0)709-183011
--------------------------------------------------------------------------------

________________________________________
From: Daniele Bellucci [daniele.bellucci@gmail.com]
Sent: 14 February 2010 20:17
To: Miguel González Castaños
Cc: websecurity@webappsec.org
Subject: Re: [WEB SECURITY] local file inclusion and path transversal

Have a look at wfuzz, then the wordlist:
http://www.ikkisoft.com/stuff/dirTraversal.txt


2010/2/14 Miguel González Castaños <miguel_3_gonzalez@yahoo.es>:
> Hi all,
> 
> I keep on studying different hacking techniques. The next assignment is to
> scan a website to find local file inclusion and path transversal
> vulnerabilities. I have used the free edition of n-stalker, acunetix and
> nikto and I haven't found anything. Any howto or (free) vulnerability
> scanner anyone of you recommend me?
> 
> Thanks,
> 
> Miguel
> 
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
> 
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> 
> Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> 
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> 
> 
