January 26th, 2005, 05:55 AM
What is an arbitrary file?
Shoot me in the foot for askin this.. but what is an arbitrary file? ive been lookin it up and cant find a clear definition.
January 26th, 2005, 06:16 AM
Well lets say if im on a site and im just fooling around looking for a few CGI flaws because we all know what an ******* I am... one flaw found allowed me to retrieve arbitrary files from the web-server outside of its specified path.
January 26th, 2005, 01:38 PM
I don't think there is such a thing as an "arbitrary file" I think the context is like this:
arbitrary (file) deletion
arbitrary (file) overwriting
arbitrary (file) insertion
And so on..............I guess that makes "arbitrary an adverb or whatever, that is, it qualifies the action (verb), and not the object (noun, i.e. "file"), in which case it would be an adjectival pronoun.
Basically it means without negotiation/permission etc. For example, a lot of malware performs arbitrary actions on a system.
So one could have an "arbitrary" action, but a "mandatory" file. In both cases you have no choice
In TheSpecialist's example, he is "arbitrarily retrieving files"
EDIT: And in my next class we will do the gerund and gerundive
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
January 26th, 2005, 02:06 PM
To test if a file is an arbitary file hover the mouse over the filename and click the ANY key.
If you fail to get a dialogue message then it an be assumed that that file is an aribtary file.
Sorry, couldn't resist
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
January 26th, 2005, 04:44 PM
An arbitrary file really means, AFAIK, any file on the system. The reason for the word aribtrary is it usually means "outside the scope of the vulnerable application."
So if i'm running a web site that has some vulnerability allowing access to modify the files that are a part of the web site, they're not "arbitrary" files. If I can access any file that may be on the box, those are arbitrary.
Now that i've written all of that, those of you with more experience please tell me how correct it is.
January 26th, 2005, 05:05 PM
Timmy, you've got the gist of it. s0nIc, I think you've misunderstood the semantics of the word as it was used. "This exploit allows arbitrary access to the system."
Main Entry: ar·bi·trary
<<snip less helpful definitions>>
3 b : existing or coming about seemingly at random or by chance or as a capricious and unreasonable act of will <when a task is not seen in a meaningful context it is experienced as being arbitrary -- Nehemiah Jordan>
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore