I trying to pentest website, but I am new and confused Well!.
I know that there is files named for example : file1 and file2. And the server is nginx.
So I did this test:
[1] http://example.com/file1..%2ffile2 => 404
[2] http://example.com/file1..%2f.. %2ffile2 => 200 + showed me the file2 so its work!
After this test I assume that the website is vulnerable.
So I did this test:
[1] http://example.com/file1..%2f..%2f..%2f => 400
[2] http://example.com/file1..%2f..%2f..%2fetc/passwd => 400
[3] I tried windows files and linux files...so I did a lot of tests.
As its show above I am not able to get files from outsite the website.
The question is is this consider vulnerable to path traversal even if I not able to get any file from outside of website.
Aucun commentaire:
Enregistrer un commentaire