|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Platform specific error codes.
From: Zapotek (zapotekzsp
gmail.com)
Date: Wed Oct 04 2006 - 05:57:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Eoin,
Thanks for replying.
If you meant this part :
http://www.owasp.org/index.php/Analysis_about_error_codes
it is indeed a small piece and I'd love to contribute once I have a
decent error database. :)
Regards,
Zapotek.
On 10/4/06, Eoin <eoinkearygmail.com> wrote:
> Hello,
> The OWASP testing guide has a small piece on error codes which may
> help but more needs to be added. If you would like to contribute
> please contact myself via the OWASP site.
> regards,
> Eoin
>
> On 03/10/06, Zapotek <zapotekzspgmail.com> wrote:
> > Hello list,
> >
> > I'm kinda developing a web application security vulnerability scanner.
> > It's going to be open source with a metasploit-like interface.
> >
> > I have finished the interactive shell interface but I want the system to
> > be modularized,
> > so new recon techniques can be added using simple XML files.
> >
> > BUT, in order to identify vulnerabilities I need some error codes
> > generated by different platforms like Python/Perl/ASP/etc. during attacks.
> >
> > For example, if a PHP application has a file inclusion vulnerability
> > and the vulnerable variable is "file" the parameter:
> > "file=some_non_existent_file.foo"
> > Would trigger the error:
> >
> > *Warning*: include(some_non_existent_file.foo) [function.include <http://localhost/%7Ezapotek/fis/function.include>]: failed to open stream: No such file or directory in */home/zapotek/public_html/pen_test/vuln.php* on line *13
> >
> > *I think you got what I'm saying. :)
> >
> > Regards,
> > Zapotek.*
> > *
> >
> >
> > -------------------------------------------------------------------------
> > Sponsored by: Watchfire
> >
> > Watchfire has new programs available for pen testers and consultants to
> > use AppScan in client engagements. AppScan is the leading Web application
> > assessment tool. Want to see it for yourself? Take a look today!
> >
> > https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
> > --------------------------------------------------------------------------
> >
> >
>
>
> --
> Eoin Keary OWASP - Ireland
> http://www.owasp.org/local/ireland.html
>
--
__________________________________________________________
http://www.segfault.gr
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire has new programs available for pen testers and consultants to
use AppScan in client engagements. AppScan is the leading Web application
assessment tool. Want to see it for yourself? Take a look today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YSz
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]