Friday, February 12, 2010

Directory Traversal Fun

I came across a few interesting posts today on this topic today and I thought I would share. The first one I landed on was an interesting read about a poorly secured malicious server from Russ McRee at HolisticInfoSec.com.

http://holisticinfosec.blogspot.com/2010/02/directory-traversal-as-reconnaisance.html

Next, I ended up on the OWASP page on testing for these kinds of vulnerabilities:

http://www.owasp.org/index.php/Testing_for_Path_Traversal

Then finally, a nice NMAP script for the VMware directory traversal vulnerability (CVE-2009-3733) recently discussed at Shmoocon:

http://www.skullsecurity.org/blog/?p=436

good times.