
I have been given a task of reproducing the issue/testing unauthorized access to the file system through request.param and the query string.

For instance, I have something like this: request.querystring("blah"); How could somebody pass "../../../b1/b2" in the query string and access the file system?

This may be related to cross-site scripting.

Need help... at least provide resources. Thanks in advance.

naveen
gtk
  • Are you asking how to hack using Remote File Inclusion (RFI) or Local File Inclusion (LFI)? – Kris Ivanov Feb 11 '11 at 02:21
  • @Kris Ivanov, well, I am asking how to do cross-site scripting, in order to inject into the request parameters and access the file system, like the following. – gtk Feb 11 '11 at 16:04

1 Answer


Wish I could provide a definitive answer, but can at least steer you in some direction. Not sure how confident you are that request.querystring() was indeed responsible, but some possibilities are:

Directory Traversal/Path Traversal:

Overview: http://en.wikipedia.org/wiki/Directory_traversal
Testing For: http://www.owasp.org/index.php/Testing_for_Path_Traversal

Remote File Inclusion:

Overview: http://en.wikipedia.org/wiki/Remote_file_inclusion
Tutorial: http://www.offensivecomputing.net/?q=node/624 (KnightLighter's Tutorial)

Hope this moves you in the right direction.

xelco52
  • Thanks for the links, which helped my understanding. Can you provide info on how to implement the attack? I want to attack my own site and see whether it is preventing it or not. – gtk Feb 11 '11 at 16:45
  • Requesting the page with ? is throwing the "potentially dangerous request" exception. How to perform testing even if validateRequest is true? Basically, how to bypass it and perform injection. – gtk Feb 11 '11 at 17:54
  • @gtk The link to owasp has a section on testing for the exploit. Might also check out metasploit if you intend to conduct pen testing. Roll up your sleeves and good luck ;) – xelco52 Feb 11 '11 at 19:29
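The question and answer above are about a query-string value such as `../../../b1/b2` being joined onto a path inside the web root and escaping it. The usual defence, and the check you would want when verifying your own site, is to resolve the requested name against a fixed base directory after decoding and normalising it, and to refuse anything whose resolved path lands outside that base. The example below is added here and is not code from the question, the answer or any ASP.NET library; the base directory `/var/www/site/files`, the function names and the sample query strings are all constructed for illustration. It also shows the same check reused over constructed query strings as a log-review aid, flagging parameters whose value would have escaped the base directory.

```python
"""Path-traversal containment check and a query-string scanner built on it.

Added example (not from the original Q&A). Assumes a hypothetical base
directory BASE_DIR under which downloadable files live.
"""
import posixpath
from urllib.parse import parse_qs, unquote

# Hypothetical document root for this example; not from the original page.
BASE_DIR = "/var/www/site/files"


def resolve_under_base(base_dir, requested):
    """Return the normalised absolute path if `requested` stays inside
    `base_dir`, otherwise None.

    Decoding happens before normalisation so that encoded or double-encoded
    "../" sequences (%2e%2e%2f, %252e%252e%252f) are seen for what they are.
    posixpath is used so the logic behaves identically on any platform.
    """
    decoded = unquote(unquote(requested))
    # Treat the request as relative to base_dir: strip leading separators
    # and fold backslashes, which some servers accept as path separators.
    relative = decoded.replace("\\", "/").lstrip("/")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, relative))
    # The containment test must include the trailing separator, otherwise
    # "/var/www/site/files-old" would pass as being inside "/var/www/site/files".
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


def traversal_params(query_string, base_dir=BASE_DIR):
    """Names of query parameters whose value would escape `base_dir`.

    Intended for reviewing captured query strings; a non-path value such as
    "2" resolves harmlessly inside the base and is therefore not flagged.
    """
    flagged = []
    for name, values in parse_qs(query_string, keep_blank_values=True).items():
        if any(resolve_under_base(base_dir, v) is None for v in values):
            flagged.append(name)
    return flagged


# Constructed sample query strings (not real traffic) for a quick run.
SAMPLE_QUERIES = [
    "file=report.pdf",
    "file=..%2F..%2F..%2Fb1%2Fb2",
    "page=2&file=docs/../report.pdf",
    "file=%252e%252e%252fwin.ini",
]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(f"{q!r:40} -> flagged: {traversal_params(q)}")
```

The same shape of check applies in ASP.NET: build the full path with `Path.GetFullPath` on the combined base directory and request value, then verify the result still starts with the base directory before opening the file. Note that the "potentially dangerous request" exception mentioned in the comments comes from request validation, which looks for markup that could lead to cross-site scripting; it does not examine path separators or `..` sequences, so it is not a substitute for the containment check above.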