Using directory traversal attack to execute commands
Posted
by
gAMBOOKa
on Stack Overflow
See other posts from Stack Overflow
or by gAMBOOKa
Published on 2010-02-14T21:19:51Z
Indexed on
2011/01/01
0:54 UTC
Read the original article
Hit count: 125
Is there a way to execute commands using directory traversal attacks?
For instance, I access a server's etc/passwd
file like this
http://server.com/..%01/..%01/..%01//etc/passwd
Is there a way to run a command instead? Like...
http://server.com/..%01/..%01/..%01//ls
..... and get an output?
EDIT: To be clear here, I've found the vuln in our company's server. I'm looking to raise the risk level (or bonus points for me) by proving that it may give an attacker complete access to the system
© Stack Overflow or respective owner