How does it work?

Let's say that your application can be reached at http://mysrvr:777/home/ and that its files are stored in the file system under /myapps/demoapp/client/version/lastversion/. After entering these details, you are ready to go! Each file in the file system is requested by its path relative to that directory, so the files under /myapps/demoapp/client/version/1.1/ will be sent as http://mysrvr:777/home/../1.1/ and requests for files under /myapps/differentapp/files/ will be sent as http://mysrvr:777/home/../../../../differentapp/files/, etc.
Done! Now switch to the Results tab and see where the holes are...
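The mapping described above, paired with the containment check a server should apply before serving a file, as an added example that is not Path Traverser's own code. The function names and the `index.html` entry are assumptions made for illustration; the base URL and directories are the ones used on this page.

```python
import posixpath

BASE_URL = "http://mysrvr:777/home/"                       # from the page
APP_ROOT = "/myapps/demoapp/client/version/lastversion/"   # from the page

# Constructed sample listing: one file inside the root, two directories from the page.
FILES = [
    "/myapps/demoapp/client/version/lastversion/index.html",
    "/myapps/demoapp/client/version/1.1/",
    "/myapps/differentapp/files/",
]

def request_url(base_url, app_root, file_path):
    """Base URL plus the file's path relative to the application root."""
    rel = posixpath.relpath(file_path, app_root)
    if rel == ".":
        return base_url
    slash = "/" if file_path.endswith("/") else ""   # keep directory URLs as directories
    return base_url.rstrip("/") + "/" + rel + slash

def stays_inside_root(base_url, app_root, url):
    """Server-side check: resolve the request against the root and require that
    the normalized target is still under it. A real server would also URL-decode
    the path first and resolve symlinks (os.path.realpath) before comparing."""
    if not url.startswith(base_url):
        return False
    root = posixpath.normpath(app_root)
    target = posixpath.normpath(posixpath.join(root, url[len(base_url):]))
    return posixpath.commonpath([root, target]) == root

def build_report(base_url, app_root, files):
    """One row per file: (request URL, whether a correct server may serve it)."""
    rows = []
    for path in files:
        url = request_url(base_url, app_root, path)
        rows.append((url, stays_inside_root(base_url, app_root, url)))
    return rows

if __name__ == "__main__":
    for url, allowed in build_report(BASE_URL, APP_ROOT, FILES):
        print(("serve   " if allowed else "reject  ") + url)
```

Any row marked `reject` that the server nevertheless answers with file content is a hole of the kind the Results tab reports.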

What to do?

  • Download the latest version: here
  • See the help for Path Traverser
  • Contact us at pt@appsec.it
  • Want to hear more? Click here

Version 1.3 is out!!!

* Stabilized
* Hyperlinked results: double-click to open in browser
* Using SSH and sFTP instead of Telnet and FTP to connect to the Host server

© Tal Melamed