|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Platform specific error codes.
From: Zapotek (zapotekzsp
gmail.com)
Date: Tue Oct 03 2006 - 12:25:52 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello list,
I'm kinda developing a web application security vulnerability scanner.
It's going to be open source with a metasploit-like interface.
I have finished the interactive shell interface but I want the system to
be modularized,
so new recon techniques can be added using simple XML files.
BUT, in order to identify vulnerabilities I need some error codes
generated by different platforms like Python/Perl/ASP/etc. during attacks.
For example, if a PHP application has a file inclusion vulnerability
and the vulnerable variable is "file" the parameter:
"file=some_non_existent_file.foo"
Would trigger the error:
*Warning*: include(some_non_existent_file.foo) [function.include <http://localhost/%7Ezapotek/fis/function.include>]: failed to open stream: No such file or directory in */home/zapotek/public_html/pen_test/vuln.php* on line *13
*I think you got what I'm saying. :)
Regards,
Zapotek.*
*
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire has new programs available for pen testers and consultants to
use AppScan in client engagements. AppScan is the leading Web application
assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]