Penetration Testing
Directory Traversal on File Upload Aug 01 2011 05:30PM
mcleano (almcer hotmail com) (2 replies)
RE: Directory Traversal on File Upload Aug 02 2011 04:34AM
Brett Moore (brett moore insomniasec com) (1 replies)
RE: Directory Traversal on File Upload Aug 02 2011 11:24AM
mcleano (almcer hotmail com)
Re: Directory Traversal on File Upload Aug 02 2011 04:28AM
Adam Mooz (adam mooz gmail com) (1 replies)
Out of curiosity, have you tried setting the upload path to "./../hostile.script", or "../hostile.script"? Or uploading your own .htaccess file to override the noexec directive?

-----------------------------------------------------------------
Adam Mooz
"In technology I'm placing all my trust"
http://www.AdamMooz.com

Please note: This email address is being deprecated. For future discourse, please use: Adam (at) AdamMooz (dot) com [email concealed], thanks!

On 2011-08-01, at 1:30 PM, mcleano wrote:

>
> Hi guys,
>
> I'm doing a pentest on a friend's website that he made for coursework at uni
> and I've come to a stop. I've gained access to an administrator account and
> have access to a file upload facility which allows me to upload a php file
> as there are no checks on the file type but the php file goes into an image
> folder which I believe has the 'NoExec' option turned on in the Apache
> configuration. The reason I think that is that when I try to access the php
> page (which happens to be a reverse-shell) I get a 502 "server dropped
> connection" error message. Clarification to that would be nice if anyone
> knows? So my question is, is there any way to upload to the parent directory
> and how might I go about doing it? Or some kind of point in the right
> direction?
>
> Thank you. Regards,
>
> Alan
> --
> View this message in context: http://old.nabble.com/Directory-Traversal-on-File-Upload-tp32171687p32171687.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>


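A server-side check that closes off the two ideas raised in the reply above (a "../" upload path and an uploaded .htaccess), as an added example that is not part of the thread or the site's code. The upload directory, the extension allowlist and the function name `storage_path_for` are assumptions made for illustration.

```php
<?php
// Added example. UPLOAD_DIR and ALLOWED_EXT are assumed values.
const UPLOAD_DIR  = '/var/www/site/images';
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Returns the absolute path to store the upload under, or null to reject.
function storage_path_for(string $clientName, string $uploadDir = UPLOAD_DIR): ?string
{
    // A slash, backslash or NUL byte means the client is trying to pick
    // the directory: reject outright rather than "cleaning" the name.
    if ($clientName === '' || preg_match('#[/\\\\\x00]#', $clientName) === 1) {
        return null;
    }
    // Dotfiles cover ".htaccess", ".user.ini", "." and "..".
    if ($clientName[0] === '.') {
        return null;
    }
    // Only the extension survives, and only if it is on the allowlist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Server-generated base name: no client-controlled text reaches the
    // path, so "shell.php.jpg" is stored as "<random>.jpg".
    return rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the ones suggested in the thread.
$samples = [
    'photo.JPG',
    '../hostile.script',
    './../hostile.script',
    '..\\hostile.script',
    '.htaccess',
    'shell.php',
    'shell.php.jpg',
];
foreach ($samples as $name) {
    $path = storage_path_for($name);
    printf("%-22s %s\n", $name, $path === null ? 'REJECTED' : "stored as $path");
}
```

In an upload handler the returned path would be the destination passed to `move_uploaded_file()`, with a `null` result answered by an error response.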
Re: Directory Traversal on File Upload Aug 02 2011 11:39AM
mcleano (almcer hotmail com)


 

Copyright 2010, SecurityFocus