|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Platform specific error codes.
From: Eoin (eoinkeary
gmail.com)
Date: Wed Oct 04 2006 - 05:33:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,
The OWASP testing guide has a small piece on error codes which may
help but more needs to be added. If you would like to contribute
please contact myself via the OWASP site.
regards,
Eoin
On 03/10/06, Zapotek <zapotekzspgmail.com> wrote:
> Hello list,
>
> I'm kinda developing a web application security vulnerability scanner.
> It's going to be open source with a metasploit-like interface.
>
> I have finished the interactive shell interface but I want the system to
> be modularized,
> so new recon techniques can be added using simple XML files.
>
> BUT, in order to identify vulnerabilities I need some error codes
> generated by different platforms like Python/Perl/ASP/etc. during attacks.
>
> For example, if a PHP application has a file inclusion vulnerability
> and the vulnerable variable is "file" the parameter:
> "file=some_non_existent_file.foo"
> Would trigger the error:
>
> *Warning*: include(some_non_existent_file.foo) [function.include <http://localhost/%7Ezapotek/fis/function.include>]: failed to open stream: No such file or directory in */home/zapotek/public_html/pen_test/vuln.php* on line *13
>
> *I think you got what I'm saying. :)
>
> Regards,
> Zapotek.*
> *
>
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Watchfire has new programs available for pen testers and consultants to
> use AppScan in client engagements. AppScan is the leading Web application
> assessment tool. Want to see it for yourself? Take a look today!
>
> https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
> --------------------------------------------------------------------------
>
>
--
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire has new programs available for pen testers and consultants to
use AppScan in client engagements. AppScan is the leading Web application
assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]