[WEB SECURITY] ../ filtered
Chris Weber
chris at casabasec.com
Mon Feb 15 15:07:38 EST 2010
I know you say they’re using ISO (8859-1 presumably), but there still may be Unicode support internally. I’d try these variations.
Normalization compatibility forms:
U+2024 U+2024 U+FF0F
%E2 %80 %A4 %E2 %80 %A4 %EF %83 %BF
․․/
Best-fit mapping Windows-1252 (similar for ISO-8859-1):
U+FF0E U+FF0E U+2215
%EF %BC %8E %EF %BC %8E %E2 %88 %95
..∕
UTF-8 overlong:
U+002E U+002E U+002F
%C0 %AE %C0 %AE %C0 %AF%
../
-Chris Weber
From: Beatriz Duran [mailto:beatrizdrn at yahoo.com]
Sent: Sunday, February 14, 2010 11:43 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ../ filtered
Hi, I need to find a vulnerability in a URL that could be exploited for directory traversal and LFI; the page is working with PHP but it is filtering /../ and also /%2e%2e/, because the page is using ISO for Latin characters I can't use Unicode extended because it reinterprets with other values; is there another way to work around the filter?
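Added example, not part of the original thread: a server-side path check in Python that handles the three encoding classes listed in the reply (compatibility forms, best-fit candidates, overlong UTF-8) by decoding strictly, normalizing, and then deciding on the resolved path instead of on a substring filter. The names safe_resolve and BASE_DIR, the directory and the file names are assumptions; the sample inputs are constructed from the code points given in the post.

```python
import os
import unicodedata
from urllib.parse import quote, unquote_to_bytes

BASE_DIR = "/srv/app/pages"  # assumed content root for this example


def safe_resolve(raw_param, base_dir=BASE_DIR):
    """Map a percent-encoded request parameter to a path under base_dir.

    Returns the absolute path, or None when the input cannot be shown
    to stay inside base_dir.
    """
    data = unquote_to_bytes(raw_param)  # decode %XX exactly once
    try:
        # A strict decoder refuses overlong sequences such as C0 AE / C0 AF.
        text = data.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None
    # Fold compatibility characters (U+2024, U+FF0E, U+FF0F) to ASCII
    # so the check sees what a later normalization step would see.
    text = unicodedata.normalize("NFKC", text)
    # Whatever is still non-ASCII (e.g. U+2215) could be best-fit mapped
    # to "." or "/" by a later charset conversion, so refuse it outright.
    if not text.isascii() or "\x00" in text or "\\" in text:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, text))
    # The decision is made on the canonical path, not on the raw string.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed samples built from the code points listed in the reply.
SAMPLES = {
    "compatibility": quote("\u2024\u2024\uff0fsecret.txt"),
    "best_fit": quote("\uff0e\uff0e\u2215secret.txt"),
    "overlong": "%C0%AE%C0%AE%C0%AFsecret.txt",
    "plain": "../secret.txt",
    "legitimate": "docs/intro.html",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:14} {value!r:50} -> {safe_resolve(value)}")
```
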