You are currently viewing How To Find Directory Traversal Vulnerability using dotdotpwn

How To Find Directory Traversal Vulnerability using dotdotpwn

Hello All

I am back on web application testing and bug bounty tutorials we already discuss about sql injection and cross site scripting (xss) So now let’s talk about directory traversal which is also a critical vulnerability let’s take a look how we can found this vulnerability using dotdotpwn which is good tool to find directory traversal vulnerability so let’s begins

So let’s install dotdotpwn in our kali linux just type a command : sudo apt-get install dotdotpwn 

Hit <ENTER> and it will be installed

Now scan some website before let’s type a help command to see how we can use this tool

Now we have guide to use this so let’s start scanning choose any website where you wanna test i have for testing i have choose test website : http://testphp.vulnweb.com/search.php?test=query

So for testing remove hello from search query and add TRAVERSAL just like this

http://testphp.vulnweb.com/search.php?test=TRAVERSAL

And type command : dotdotpwn -m http-url -u http://testphp.vulnweb.com/search.php?test=TRAVERSAL -k “root:”

 

It will ask you to stop and scan so just hit <ENTER>

Scanning will be start

Thanks for reading

Follow me : https://twitter.com/HackTube5

Leave a Reply