It may be perfect for Denial of Service but even to simply check if files exist.
> Dan,
>
> Sorry for holding this email in the moderator queue for so long,
> please read inline
>
> On Mon, Apr 16, 2012 at 1:46 PM, Dan Zulla <d...@defendassist.com> wrote:
>> I just did some pentesting for a customer and recognized a interesting
>> vulnerability: A blind local file inclusion.
>> Thought about detecting it in a fully automated manner for 2 minutes :
>> ../../../../../../../../../../dev/urandom -> Timeout
>
> That's interesting! Never heard of such technique for detecting
> local file reads.
>
>> Time Delay, lfi.py extension?
>> Good Idea, Bad Idea?
>
> Not sure if it is a good idea, or if it even could be tagged as a
> vulnerability. If the attacker can not read any file contents, where
> do you see the risk? Maybe if the application ends up in a DoS because
> of all the garbage read from /dev/urandom ... you have a risk there?
> How did this impact the application you were testing?
>
> Regards,
>
>> Feedback welcome.
>>
>> All the best,
>> Dan
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
Best Regards,
--
Daniel Zulla
Information Security
Defendassist IT Security GmbH
Greifswalder Str. 207
10405 Berlin, Germany
Mobil: +49 - 151 - 40172133
Email: d...@defendassist.com
Web: http://www.defendassist.com/
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
