Using a directory traversal attack to execute commands

Question

Using a directory traversal attack to execute commands

Is there a way to execute commands using directory traversal attacks?

For example, I am accessing a server file etc/passwdlike this

http://server.com/..%01/..%01/..%01//etc/passwd

Is there a way to run a command? How...

http://server.com/..%01/..%01/..%01//ls

..... and get a conclusion?

To be clear here, I found that on our server company. I want to increase the level of risk (or bonus points for me) by proving that it can give an attacker full access to the system.

+3

security linux scripting directory-traversal

Hydera Feb 14 '10 at 21:19

source share

6 answers

Chroot Linux ( FreeBSD). - SELinux Apache SELinux:

run_init /etc/init.d/httpd restart

, mod_security.

+2

Henry 01 . '10 0:46

- -, , , ls ( , ) , ls .

, , .

0

Anon. 14 . '10 21:28

# 2: , . , , gAMBOOKa , Apache Fedora, , :

Apache, , Apache Fedora .
Fedora, , , Apache .
, httpd.conf .
passwd, Apache /chrooted, , passwd, /chrooted... , , VMWARE , Apache/Fedora, - httpd VMWare , , . chroot/sandbox ...
, , , , , -, sandbox/chrooted - , ...

, , , .

0

t0mm13b 14 . '10 21:31

, ( ), ( ).

http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution

0

cherouvim 14 . '10 21:35

If you can already view etc / passwd, then the server should be poorly configured ... if you really want to execute commands, you need to know that the PHP script works on the server, is there any system () so that you can pass commands via url .. for example: url? command = ls try to view .htaccess files .... this might do the trick ..

0

user616639 Feb 15 '11 at 10:29

source share

mar · Accepted Answer · 2010-02-14T21:52:46+0000

/etc/passwd , , , .

, /etc/passwd -, ( ) , popen, exec, system, shell_exec , .

Using a directory traversal attack to execute commands

More articles: