Directory Traversal is not only a web-server vulnerability, neza0x. Webapps can be vulnerable as
well. Or 3rd party [nginx|apache|etc] modules, for that matter.
On 11/03/2010 05:49 PM, neza0x (at) gmail (dot) com [email concealed] wrote:
> Directory Traversal still alive? I mean, does your tool bypass Apache, IIS latest versions? Or it is applicable to IIS 4?
>
> It would be nice to have new techniques, improve multi-byte encoders and so on.
>
> Sent via BlackBerry from Danux Network
>
> -----Original Message-----
> From: "chr1x" <chr1x (at) sectester (dot) net [email concealed]>
> Date: Fri, 29 Oct 2010 23:47:20
> To: <full-disclosure (at) lists.grok.org (dot) uk [email concealed]>; <websecurity (at) webappsec (dot) org [email concealed]>
> Cc: <webappsec (at) lists.securityfocus (dot) com [email concealed]>; <bugtraq (at) securityfocus (dot) com [email concealed]>
> Subject: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
> CubilFelino Security Research Lab and Chatsubo (IN) Security Labs
> proudly present...
>
> DotDotPwn v2.1 - The Directory Traversal Fuzzer
> ===============================================
>
> Authors: Christian Navarrete (chr1x @ http://chr1x.sectester.net) and
> Alejandro Hernández H. (nitr0us @ http://chatsubo-labs.blogspot.com)
>
> Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences
> 2010)
>
> Tool Description
> ================
> It's a very flexible intelligent fuzzer to discover traversal directory
> vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms
> such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent
> module to send the desired payload to the host and port specified. On
> the other hand, it also could be used in a scripting way using the
> STDOUT module.
>
> It's written in perl programming language and can be run either under
> *NIX or Windows platforms.
>
> Fuzzing modules supported in this version:
> - HTTP
> - HTTP URL
> - FTP
> - TFTP
> - Payload (Protocol independent)
> - STDOUT
>
> Discovered Vulnerabilities
> ==========================
>
> - HTTP (4 security advisories)
> * MultiThreaded HTTP Server @
> http://www.inj3ct0r.com/exploits/11894
> * Wing FTP Server v3.4.3 @
> http://packetstormsecurity.org/1005-exploits/wingftp-traversal.txt
> * Yaws 1.89
> * Mongoose 2.11
>
> - FTP (2 security advisories)
> * VicFTPS v5.0 @ http://www.inj3ct0r.com/exploits/12131
> * Home FTP Server vr1.11.1 (build 149) @
> http://www.exploit-db.com/exploits/15349
>
> - TFTP (2 security advisories)
> * TFTP Desktop 2.5 @ http://www.exploit-db.com/exploits/14857
> * TFTPDWIN v0.4.2 @ http://www.exploit-db.com/exploits/14856
>
>
> Download
> ========
> Official site: http://dotdotpwn.sectester.net
> Mirror site: http://chatsubo-labs.blogspot.com
>
> Contact
> =======
> Contact: dotdotpwn (at) sectester (dot) net [email concealed]
>
> Vote for DotDotPwn as tool for next BackTrack release!! ->
> http://www.backtrack-linux.org/forums/tool-requests/32082-dotdotpwn.html
>
>
> ------------------------------------------------------------------------
----
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> To unsubscribe email websecurity-unsubscribe (at) webappsec (dot) org [email concealed] and reply to
> the confirmation email
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
- --
Arturo "Buanzo" Busleiman :.
Independent Linux and Security Consultant - OWASP - SANS - OISSG .
http://www.buanzo.com.ar/pro/eng.html ..:
http://www.cervezacicuta.com.ar - "LA" Cerveza Artesanal de Villa Bosch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Hash: SHA512
Directory Traversal is not only a web-server vulnerability, neza0x. Webapps can be vulnerable as
well. Or 3rd party [nginx|apache|etc] modules, for that matter.
On 11/03/2010 05:49 PM, neza0x (at) gmail (dot) com [email concealed] wrote:
> Directory Traversal still alive? I mean, does your tool bypass Apache, IIS latest versions? Or it is applicable to IIS 4?
>
> It would be nice to have new techniques, improve multi-byte encoders and so on.
>
> Sent via BlackBerry from Danux Network
>
> -----Original Message-----
> From: "chr1x" <chr1x (at) sectester (dot) net [email concealed]>
> Date: Fri, 29 Oct 2010 23:47:20
> To: <full-disclosure (at) lists.grok.org (dot) uk [email concealed]>; <websecurity (at) webappsec (dot) org [email concealed]>
> Cc: <webappsec (at) lists.securityfocus (dot) com [email concealed]>; <bugtraq (at) securityfocus (dot) com [email concealed]>
> Subject: [WEB SECURITY] [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer
> CubilFelino Security Research Lab and Chatsubo (IN) Security Labs
> proudly present...
>
> DotDotPwn v2.1 - The Directory Traversal Fuzzer
> ===============================================
>
> Authors: Christian Navarrete (chr1x @ http://chr1x.sectester.net) and
> Alejandro Hernández H. (nitr0us @ http://chatsubo-labs.blogspot.com)
>
> Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences
> 2010)
>
> Tool Description
> ================
> It's a very flexible intelligent fuzzer to discover traversal directory
> vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms
> such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent
> module to send the desired payload to the host and port specified. On
> the other hand, it also could be used in a scripting way using the
> STDOUT module.
>
> It's written in perl programming language and can be run either under
> *NIX or Windows platforms.
>
> Fuzzing modules supported in this version:
> - HTTP
> - HTTP URL
> - FTP
> - TFTP
> - Payload (Protocol independent)
> - STDOUT
>
> Discovered Vulnerabilities
> ==========================
>
> - HTTP (4 security advisories)
> * MultiThreaded HTTP Server @
> http://www.inj3ct0r.com/exploits/11894
> * Wing FTP Server v3.4.3 @
> http://packetstormsecurity.org/1005-exploits/wingftp-traversal.txt
> * Yaws 1.89
> * Mongoose 2.11
>
> - FTP (2 security advisories)
> * VicFTPS v5.0 @ http://www.inj3ct0r.com/exploits/12131
> * Home FTP Server vr1.11.1 (build 149) @
> http://www.exploit-db.com/exploits/15349
>
> - TFTP (2 security advisories)
> * TFTP Desktop 2.5 @ http://www.exploit-db.com/exploits/14857
> * TFTPDWIN v0.4.2 @ http://www.exploit-db.com/exploits/14856
>
>
> Download
> ========
> Official site: http://dotdotpwn.sectester.net
> Mirror site: http://chatsubo-labs.blogspot.com
>
> Contact
> =======
> Contact: dotdotpwn (at) sectester (dot) net [email concealed]
>
> Vote for DotDotPwn as tool for next BackTrack release!! ->
> http://www.backtrack-linux.org/forums/tool-requests/32082-dotdotpwn.html
>
>
> ------------------------------------------------------------------------
----
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> To unsubscribe email websecurity-unsubscribe (at) webappsec (dot) org [email concealed] and reply to
> the confirmation email
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
- --
Arturo "Buanzo" Busleiman :.
Independent Linux and Security Consultant - OWASP - SANS - OISSG .
http://www.buanzo.com.ar/pro/eng.html ..:
http://www.cervezacicuta.com.ar - "LA" Cerveza Artesanal de Villa Bosch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEAREKAAYFAkzSxJUACgkQAlpOsGhXcE1K5ACdEmzYELsPRhM7KE6Bpy4FHbLZ
lXEAn0dp6zsGR40SNmluN031oFAHnOsp
=FGhN
-----END PGP SIGNATURE-----
[ reply ]