What is an arbitrary file?
Results 1 to 6 of 6

Thread: What is an arbitrary file?

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Question What is an arbitrary file?

    Shoot me in the foot for askin this.. but what is an arbitrary file? ive been lookin it up and cant find a clear definition.

  2. #2
    Banned
    Join Date
    Apr 2004
    Posts
    843
    Well lets say if im on a site and im just fooling around looking for a few CGI flaws because we all know what an ******* I am... one flaw found allowed me to retrieve arbitrary files from the web-server outside of its specified path.

    http://www.brainydictionary.com/word...ary131922.html

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Wotcher mate!

    I don't think there is such a thing as an "arbitrary file" I think the context is like this:

    arbitrary (file) deletion
    arbitrary (file) overwriting
    arbitrary (file) insertion

    And so on..............I guess that makes "arbitrary an adverb or whatever, that is, it qualifies the action (verb), and not the object (noun, i.e. "file"), in which case it would be an adjectival pronoun.

    Basically it means without negotiation/permission etc. For example, a lot of malware performs arbitrary actions on a system.

    So one could have an "arbitrary" action, but a "mandatory" file. In both cases you have no choice

    In TheSpecialist's example, he is "arbitrarily retrieving files"

    Cheers

    EDIT: And in my next class we will do the gerund and gerundive
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    To test if a file is an arbitary file hover the mouse over the filename and click the ANY key.
    If you fail to get a dialogue message then it an be assumed that that file is an aribtary file.


    Sorry, couldn't resist
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  5. #5
    Member
    Join Date
    Dec 2003
    Posts
    97
    An arbitrary file really means, AFAIK, any file on the system. The reason for the word aribtrary is it usually means "outside the scope of the vulnerable application."

    So if i'm running a web site that has some vulnerability allowing access to modify the files that are a part of the web site, they're not "arbitrary" files. If I can access any file that may be on the box, those are arbitrary.

    Now that i've written all of that, those of you with more experience please tell me how correct it is.

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Timmy, you've got the gist of it. s0nIc, I think you've misunderstood the semantics of the word as it was used. "This exploit allows arbitrary access to the system."

    Main Entry: ar·bi·trary
    Pronunciation: 'är-b&-"trer-E
    Function: adjective
    <<snip less helpful definitions>>
    3 b : existing or coming about seemingly at random or by chance or as a capricious and unreasonable act of will <when a task is not seen in a meaningful context it is experienced as being arbitrary -- Nehemiah Jordan>
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides