[WEB SECURITY] ../ filtered

Beatriz Duran beatrizdrn at yahoo.com
Mon Feb 15 02:42:35 EST 2010


Hi, I need to find a vulnerability in a url that could be exploited for directory traversal and LFI; the page is working with PHP but it is filtering /../ and also /%2e%2e/, because the pace is  using ISO for Latin characters I can't use unicode extended because it reinterpret with other values; is there another way to work around the filter?



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100214/587f7664/attachment.html>


More information about the websecurity mailing list