[WEB SECURITY] ../ filtered

Shlomi Narkolayev shlominar at gmail.com
Tue Feb 16 01:41:16 EST 2010

Try these:

Soon I'll upload to my blog <http://narkolayev-shlomi.blogspot.com/> new
1400 variants for directory traversal.

Kind Regards,
Narkolayev Shlomi.

*From:** Beatriz Duran [mailto:beatrizdrn at yahoo.com]
Sent: Monday, February 15, 2010 9:43 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ../ filtered*

Hi, I need to find a vulnerability in a url that could be exploited for
directory traversal and LFI; the page is working with PHP but it is
filtering /../ and also /%2e%2e/, because the pace is  using ISO for Latin
characters I can't use unicode extended because it reinterpret with other
values; is there another way to work around the filter?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100216/69e178b8/attachment.html>

More information about the websecurity mailing list