jetlib.sec » Penetration Testing » Directory Traversal on File Upload

Feeds

133326 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• August 01, 2011
• 

  Directory Traversal on File Upload

  Posted: August 1st, 2011, 9:24pm PDT

  Tags:   

  Posted by mcleano on Aug 01

  Hi guys,
  
  I'm doing a pentest on a friends website that he made for coursework at uni
  and i've come to a stop. I've gained access to an administrator account and
  have access to a file upload facility which allows me to upload a php file
  as there are no checks on the file type but the php file goes into an image
  folder which I believe has the 'NoExec' option turned on in the Apache
  configuration. The reason I think that is...