Date: Fri, 29 Oct 2010 23:47:20 -0700
From: "chr1x" <chr1x@...tester.net>
To: full-disclosure@...ts.grok.org.uk, websecurity@...appsec.org
Cc: webappsec@...ts.securityfocus.com, bugtraq@...urityfocus.com
Subject: [TOOL] DotDotPwn v2.1 - The Directory Traversal Fuzzer

CubilFelino Security Research Lab and Chatsubo (IN) Security Labs proudly present...

DotDotPwn v2.1 - The Directory Traversal Fuzzer
===============================================

Authors: Christian Navarrete (chr1x @ http://chr1x.sectester.net) and Alejandro Hernández H. (nitr0us @ http://chatsubo-labs.blogspot.com)

Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences 2010)

Tool Description
================

It's a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. It's written in perl programming language and can be run either under *NIX or Windows platforms.

Fuzzing modules supported in this version:

- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT

Discovered Vulnerabilities
==========================

- HTTP (4 security advisories)
  * MultiThreaded HTTP Server @ http://www.inj3ct0r.com/exploits/11894
  * Wing FTP Server v3.4.3 @ http://packetstormsecurity.org/1005-exploits/wingftp-traversal.txt
  * Yaws 1.89
  * Mongoose 2.11

- FTP (2 security advisories)
  * VicFTPS v5.0 @ http://www.inj3ct0r.com/exploits/12131
  * Home FTP Server vr1.11.1 (build 149) @ http://www.exploit-db.com/exploits/15349

- TFTP (2 security advisories)
  * TFTP Desktop 2.5 @ http://www.exploit-db.com/exploits/14857
  * TFTPDWIN v0.4.2 @ http://www.exploit-db.com/exploits/14856

Download
========

Official site: http://dotdotpwn.sectester.net
Mirror site: http://chatsubo-labs.blogspot.com

Contact
=======

Contact: dotdotpwn@...tester.net

Vote for DotDotPwn as tool for next BackTrack release!!
-> http://www.backtrack-linux.org/forums/tool-requests/32082-dotdotpwn.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/