Sometimes, developer's just create some "generic" filters in order to prevent security issues, like the ones related to web technolgies such as XSS, SQLi or Directory traversals, but not all the times they take care about the obscure strings that an attacker can use to bypass many those weakest filters. With the use of DotDotPwn tool, we can confirm if a Directory traversal attack can be performed -even- if an HTTP/FTP server has already implemented any kind of filter against this attack and knowing *ALL* the available attack strings, developers can strength their web application/client-server filters.
DotDotPwn is a simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads.
DotDotPwn Features:
* Detects Directory traversal vulnerabilities on remote HTTP/FTP server systems.
* DotDotPwn checks the presence of boot.ini on the vulnerable systems through Directory traversal vulnerabilities, so it is assumed that the tested systems are Windows based HTTP/FTP servers.
* Currently, the traversal database holds 871 attack payloads. Use the -update flag to perform an online fresh update.
DotDotPwn requirements:
* Perl with support of HTTP::Lite and Net::FTP modules (these can be easily downloaded from the CPAN site - http://search.cpan.org/)
Using DotDotPwn:
Untar the package using command: tar -zxvf ddpwn.tar.gz
type the following command to run the directory traversal vulnerabilities test against web server:
perl ddpwn.pl -hhtp 192.168.1.2
Read more about DotDotPwn - here
source:http://linuxpoison.blogspot.com/2010/10/135781677518024.html