[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Re: post vulnerability scenario

From: "Arian J. Evans" <arian.evans@xxxxxxxxxxxxxx>
Subject: [WEB SECURITY] Re: post vulnerability scenario
Date: Wed, 12 Mar 2008 15:09:23 -0700

Dave -- I'm including the WASC list. The SF webappsec list is dead for
all intents and purposes. This list will have more feedback.

So -- VB (visual basic, the language) is strongly typed.

That's probably just a type mismatch error. I don't even look at those
type of vb errors. e.g. -noise, not signal; nothing exploitable there
indicated by that message.

btw// I just read the source for wapiti, that's a cool little project.

It's rudimentary at best; I've give it a 2 on a 0-10 scale of blackbox
webapp scanners. (I'm putting Nikto at 0 and 10 as the holy grail of
perfection that no one has achieved)

Commercial blackbox scanners are light years ahead of this, as are
manual testing techniques. This thing just doesn't compare to Appscan
and NTO for example, but OTOH it is just a couple of python scripts so
it's hard to say anything bad about it considering what it is.

--

disclaimer: I work with WhiteHat Sentinel so I'm completely biased on
my little "scoring system" above.

btw// re: Muench's reply: you can use env variables on Windows to get
around the need to change drives on dir trav attacks. Most tests I've
seen are statically coded, which is kind of silly.
%systemroot%/../boot.ini will often get you what you need if you are
trying a windows dir trav verify test.

-- 
Arian Evans
software security stuff

On 7 Mar 2008 04:52:11 -0000,  <davemitch@xxxxxxxxxxxxxx> wrote:
> hi list,
>
>  on using wapiti (a vulnerability scanner for web applications) on an internal website, the output is a list of attack URLs like the one below
>
>
>
>  hxxp://***.****.***.***/pages/abstract.asp?paperid=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini
>
>
>
>  On pasting the URL in a browser, the error message is like this
>
>
>
>  ___________________________________________________________________________________________________________
>
>  Microsoft VBScript runtime error '800a000d'
>
>
>
>  Type mismatch: '[string: "¿'"("]'
>
>
>
>  E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PAGES\../includes/toplinks-archive-courses-spas.asp, line 1
>
>  _____________________________________________________________________________________________________________
>
>
>
>  What needs to be done next to exploit the vulnerability detected by wapiti ? any suggestions or ideas are welcome.
>
>
>
>  thankx
>
>
>  -------------------------------------------------------------------------
>  Sponsored by: Watchfire
>  Methodologies & Tools for Web Application Security Assessment
>  With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
>
>  https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
>  -------------------------------------------------------------------------
>
>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Prev by Date: [WEB SECURITY] WASC meetup at RSA conference
Next by Date: [WEB SECURITY] Message Post
Previous by thread: [WEB SECURITY] WASC meetup at RSA conference
Next by thread: [WEB SECURITY] Message Post
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site