[WEB SECURITY] ../ filtered
shlominar at gmail.com
Tue Feb 16 01:41:16 EST 2010
Soon I'll upload to my blog <http://narkolayev-shlomi.blogspot.com/> new
1400 variants for directory traversal.
*From:** Beatriz Duran [mailto:beatrizdrn at yahoo.com]
Sent: Monday, February 15, 2010 9:43 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ../ filtered*
Hi, I need to find a vulnerability in a url that could be exploited for
directory traversal and LFI; the page is working with PHP but it is
filtering /../ and also /%2e%2e/, because the pace is using ISO for Latin
characters I can't use unicode extended because it reinterpret with other
values; is there another way to work around the filter?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity