Re: [W3af-develop] Blind Local File Include

Wed, 02 May 2012 06:20:20 -0700 

Dan,

    Sorry for holding this email in the moderator queue for so long,
please read inline

On Mon, Apr 16, 2012 at 1:46 PM, Dan Zulla <d...@defendassist.com> wrote:
> I just did some pentesting for a customer and recognized a interesting 
> vulnerability: A blind local file inclusion.
> Thought about detecting it in a fully automated manner for 2 minutes : 
> ../../../../../../../../../../dev/urandom -> Timeout

    That's interesting! Never heard of such technique for detecting
local file reads.

> Time Delay, lfi.py extension?
> Good Idea, Bad Idea?

    Not sure if it is a good idea, or if it even could be tagged as a
vulnerability. If the attacker can not read any file contents, where
do you see the risk? Maybe if the application ends up in a DoS because
of all the garbage read from /dev/urandom ... you have a risk there?
How did this impact the application you were testing?

Regards,

> Feedback welcome.
>
> All the best,
> Dan
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Reply via email to