[WEB SECURITY] ../ filtered

Beatriz Duran beatrizdrn at yahoo.com
Mon Feb 15 16:22:27 EST 2010


Thanks, but the variable takes the data and transforms it into the corresponding text using 8859-1;

 I    Have    Learned    So much from God    That I can no longer    Call    Myself A Christian, a Hindu, a Muslim    A Buddhist, a Jew.    The Truth has shared so much of Itself   With me  That I can no longer call myself     A man, a woman, and angel    Or even pure    Soul.   Love has    Befriended Hafiz so completely    It has turned to ash    And freed    Me    Of every concept and image    My mind has ever known. –Hafiz, Persian poet (1315 – 1390)

From: Chris Weber <chris at casabasec.com>
To: Beatriz Duran <beatrizdrn at yahoo.com>; websecurity at webappsec.org
Sent: Mon, February 15, 2010 2:07:38 PM
Subject: RE: [WEB SECURITY] ../ filtered

I know you say they’re using ISO (8859-1 presumably), but there
still may be Unicode support internally. I’d try these variations.
Normalization compatibility forms:
U+2024 U+2024 U+FF0F
%E2 %80 %A4 %E2 %80 %A4 %EF %83 %BF
Best-fit mapping Windows-1252 (similar for ISO-8859-1):
U+FF0E U+FF0E U+2215
%EF %BC %8E %EF %BC %8E %E2 %88 %95
UTF-8 overlong: 
U+002E U+002E U+002F
%C0 %AE %C0 %AE %C0 %AF%
-Chris Weber
From: Beatriz Duran [mailto:beatrizdrn at yahoo.com]
Sent: Sunday, February 14, 2010 11:43 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ../ filtered
I need to find a vulnerability in a URL that could be exploited for directory
traversal and LFI; the page is working with PHP but it is filtering /../ and
also /%2e%2e/, because the page is using ISO for Latin characters I can't
use Unicode extended because it reinterprets with other values; is there another
way to work around the filter?
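
Seen from the server side, the three families listed in the reply (compatibility forms, best-fit mapping, overlong UTF-8) all fail against a check that canonicalizes first and validates the resolved path afterwards. The sketch below is an added example, not code from the thread or its participants; it uses Python for illustration although the application discussed is PHP, and `BASE_DIR`, the function names and the sample file names are hypothetical.

```python
import os
import unicodedata
from urllib.parse import quote, unquote_to_bytes

BASE_DIR = "/var/www/app/pages"  # hypothetical directory of includable files

def canonical_name(raw_param: str) -> str:
    """Percent-decode once, decode UTF-8 strictly, fold compatibility forms."""
    data = unquote_to_bytes(raw_param)
    # The strict decoder raises on overlong sequences such as C0 AE / C0 AF.
    text = data.decode("utf-8", errors="strict")
    # NFKC maps compatibility characters (U+2024, U+FF0E, U+FF0F) to ASCII.
    return unicodedata.normalize("NFKC", text)

def resolve_include(raw_param: str, base_dir: str = BASE_DIR) -> str:
    """Return the absolute path to serve, or raise ValueError."""
    try:
        name = canonical_name(raw_param)
    except UnicodeDecodeError as exc:
        raise ValueError("invalid UTF-8") from exc
    # Whatever is still non-ASCII could be best-fit mapped to '.' or '/' by a
    # later legacy-charset conversion, so refuse it instead of guessing.
    if not name.isascii() or "\x00" in name or "%" in name:
        raise ValueError("unexpected character")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    # Validate the canonical result, not the raw string.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("escapes base directory")
    return target

def verdict(raw_param: str, base_dir: str = BASE_DIR) -> str:
    """Human-readable outcome for one request parameter."""
    try:
        return "ok: " + resolve_include(raw_param, base_dir)
    except ValueError as exc:
        return "rejected: " + str(exc)

# Constructed inputs built from the code points quoted in the thread.
SAMPLES = {
    "plain": "../outside.txt",
    "nfkc": quote("\u2024\u2024\uff0foutside.txt"),
    "best_fit": quote("\uff0e\uff0e\u2215outside.txt"),
    "overlong": "%C0%AE%C0%AE%C0%AFoutside.txt",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} {verdict(raw)}")
```

A substring filter on `/../` sees none of the encoded samples; the containment test on the resolved path does not depend on how the separator was spelled.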
