How To Find Directory Traversal Vulnerability using dotdotpwn - Hacktube5 - Bug Bounty

How To Find Directory Traversal Vulnerability using dotdotpwn

Hello All

I am back on web application testing and bug bounty tutorials we already discuss about sql injection and cross site scripting (xss) So now let’s talk about directory traversal which is also a critical vulnerability let’s take a look how we can found this vulnerability using dotdotpwn which is good tool to find directory traversal vulnerability so let’s begins

So let’s install dotdotpwn in our kali linux just type a command : sudo apt-get install dotdotpwn

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/direc1-300x65.png?resize=462%2C68&ssl=1" width="462" height="68" border="0" data-original-height="68" data-original-width="316" data-recalc-dims="1" />

Hit <ENTER> and it will be installed

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/direc2-300x99.png?resize=461%2C106&ssl=1" width="461" height="106" border="0" data-original-height="209" data-original-width="631" data-recalc-dims="1" />

Now scan some website before let’s type a help command to see how we can use this tool

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/direc3-300x192.png?resize=469%2C205&ssl=1" width="469" height="205" border="0" data-original-height="638" data-original-width="995" data-recalc-dims="1" />

Now we have guide to use this so let’s start scanning choose any website where you wanna test i have for testing i have choose test website : http://testphp.vulnweb.com/search.php?test=query

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/direc4-300x146.png?w=320&ssl=1" border="0" data-original-height="355" data-original-width="729" data-recalc-dims="1" />

So for testing remove hello from search query and add TRAVERSAL just like this

http://testphp.vulnweb.com/search.php?test=TRAVERSAL

And type command : dotdotpwn -m http-url -u http://testphp.vulnweb.com/search.php?test=TRAVERSAL -k “root:”

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/direc5-300x24.png?w=320&ssl=1" border="0" data-original-height="61" data-original-width="778" data-recalc-dims="1" />

It will ask you to stop and scan so just hit <ENTER>

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/direc6-300x263.png?resize=427%2C281&ssl=1" width="427" height="281" border="0" data-original-height="645" data-original-width="735" data-recalc-dims="1" />

Scanning will be start

<img data-lazy-fallback="1" decoding="async" src="https://i0.wp.com/www.hacktube5.tech/wp-content/uploads/2021/06/direc7-300x176.png?resize=467%2C188&ssl=1" width="467" height="188" border="0" data-original-height="434" data-original-width="738" data-recalc-dims="1" />

Thanks for reading

Follow me : https://twitter.com/HackTube5

Related

Tags: directory path traversal attack, directory traversal, directory traversal attack, directory traversal bug, directory traversal linux command, directory traversal payloads, dotdotpwn examples, how to prevent directory traversal attack, what is directory traversal attack, windows directory traversal

Leave a Reply Cancel reply