#30 Directory Traversal Bug

open
5
2013-03-28
2013-03-28
Anonymous
No

I performed a directory scan with [scan directories] and [be recursive] checked. [scan files] was unchecked. Somewhere over the course of the scan it decides to test "../" within the path name. Some web servers allow this and simply provide the page one directory up. This caused DirBuster to find infinite directories during the course of the scan, and slowed down the process of traversing through any of the other real directories it found. I had to stop the scan.

Expected result: Don't test "../" unless some rules are in place to determine where static// is the same as static/images/../
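One way to express the kind of rule the report asks for, as an added example that is not part of the original ticket and not DirBuster's code: canonicalise each discovered directory URL before queueing it for recursion, so that `static/images/../` and `static/` map to the same key. The names `canonical_dir` and `DirQueue`, the host `example.test`, and the choice to treat `//` as `/` are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, unquote

def canonical_dir(url):
    """Resolve dot segments (in the spirit of RFC 3986 section 5.2.4),
    drop empty segments, and force a trailing slash so that equivalent
    spellings of one directory compare equal."""
    parts = urlsplit(url)
    stack = []
    for seg in parts.path.split("/"):
        decoded = unquote(seg)          # so "%2e%2e" is handled like ".."
        if decoded in ("", "."):        # assumption: "//" is the same as "/"
            continue
        if decoded == "..":
            if stack:                   # never climb above the site root
                stack.pop()
            continue
        stack.append(seg)
    path = "/" + "/".join(stack) + ("/" if stack else "")
    return urlunsplit((parts.scheme, parts.netloc.lower(), path, "", ""))

class DirQueue:
    """Work queue for a recursive scan that rejects a directory already
    seen under a different spelling."""
    def __init__(self, base):
        self.seen = set()
        self.pending = []
        self.add(base)

    def add(self, url):
        key = canonical_dir(url)
        if key in self.seen:
            return False                # duplicate: do not recurse again
        self.seen.add(key)
        self.pending.append(key)
        return True

if __name__ == "__main__":
    # Constructed sample: hits a server that honours "../" would return
    q = DirQueue("http://example.test/static/")
    for u in ["http://example.test/static/images/",
              "http://example.test/static/images/../",
              "http://example.test/static/images/../images/../",
              "http://example.test/static//",
              "http://example.test/static/images/%2e%2e/"]:
        print(u, "->", "queued" if q.add(u) else "duplicate")
```

Only the first sample URL is queued; the other four collapse to directories already in the set, so the recursion terminates.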
