How to exploit Directory traversal vulnerability?
Backtrack has lots of tools for web-application testing. Directory
traversal is one of the critical vulnerability in web-application.
Previously i post about what is directory traversal & how to bypass its filter
, but that process is manual, it can consume lots of time.But in
bactrack automatic tools are available for this test which is DOTDOTPWN.
If you are on other distro , then you can download it form here.
If you are on other distro , then you can download it form here.
directory vulnerabilities in software such as HTTP/FTP/TFTP
servers, Web platforms such as CMSs, ERPs, Blogs, etc.
Also, it has a protocol-independent module to send the desired
payload to the host and port specified. On the other hand, it
also could be used in a scripting way using the STDOUT module.
It's written in perl programming language and can be run
either under *NIX or Windows platforms. It's the first Mexican
tool included in BackTrack Linux (BT4 R2).
Fuzzing modules supported in this version:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT
No comments:
Post a Comment