Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Is this a Directory Traversal vulnerability?


theSheWolf's Avatar
Member
0 0

So, this is my friend\'s page and he\'s given me permission to mess around with it. Anyway, I won\'t post the page but I came across a url that said: http://www.blah.com/apps.php?app=blahfree

So I tried ../ so I was like: http://www.blah.com/apps.php?app=../../../../../ and I got a page full of broken pictures. Since the index of the site that i was in were screenshots…i was like whatever. But then, I remembered something from one of those hackthissite realistics that if you copy the broken picture url you might get something. sure enough, i got directories from the database. For example, the link locations were: www.blah.com/%5Cboot www.blah.com/%5Caquota.user I got things like cpanel, trash, reboot..stuff like that. There\'s a bunch more on the site.

However, if I go: http://www.blah.com/apps.php?app=../../../../etc/passwd
I get a:

Method Not Implemented GET to /apps.php not supported.

Actually, he has a bunch of error messages all over the page already. I thinked he might\'ve screwed something up along the way. Lines like these: Warning: Unknown: open(/tmp/sess_70190caf6427c9f3b96790cb305ac1, O_RDWR) failed: No space left on device (26) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Warning: session_start() [function.session-start]: open(/tmp/sess_70190caf6427c9f3b96790cb305ac1, O_RDWR) failed: No space left on device (26) in /home/blah/public_html/apps.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/blah/public_html/apps.php:2) in /home/blah/public_html/apps.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/blah/public_html/apps.php:2) in /home/blah/public_html/apps.php on line 2

I\'ve tried these links, they all return 404. Thanks


lolly's Avatar
Member
0 0

Would have to see the site to tell you if it was a direct. transversal.

The open errors are either an issue with the server\\\\\\\\\\\\\\\'s harddrive, or he ran out of space on his hosting account.

The header errors sound like he\\\\\\\\\\\\\\\'s trying to send new headers after he already printed something to the page, but I\\\\\\\\\\\\\\\'d have to see the code to be sure.

If you want, you can send me a link and I can take a look at it. Eh I probably wouldn\\\\\\\\\\\\\\\'t trust some random guy on an outdated hacking forum though. P.S. can an admin please turn off add slashes (or if that\\\\\\\\\\\\\\\'s magic_quotes, upgrade your php version). <3 thanks :heartzZzz:


theSheWolf's Avatar
Member
0 0

Thanks for the offer but I think I\'ll do some more research first and then when I\'m really stuck I\'ll message you. I just want to know if that sounds like a directory traversal. I\'ve only seen it done on youtube and stuff. I\'ve never actually done one.


korg's Avatar
Admin from hell
0 0

theSheWolf wrote: I\\\'ve never actually done one.

And that\'s how you learn my friend.