Fw: [WEB SECURITY] ../ filtered

Beatriz Duran beatrizdrn at yahoo.com
Tue Feb 16 09:26:51 EST 2010





Sure I did, but the only presence of ".." is blocked;




I Have Learned So much from God That I can no longer Call Myself A Christian, a Hindu, a Muslim A Buddhist, a Jew. The Truth has shared so much of Itself With me That I can no longer call myself A man, a woman, and angel Or even pure Soul. Love has Befriended Hafiz so completely It has turned to ash And freed Me Of every concept and image My mind has ever known. –Hafiz, Persian poet (1315 – 1390)




________________________________
From: Marcin Wielgoszewski <marcinw86 at gmail.com>
To: Beatriz Duran <beatrizdrn at yahoo.com>
Sent: Tue, February 16, 2010 7:45:44 AM
Subject: Re: [WEB SECURITY] ../ filtered

Have you tried ....// ?  If it does a simple match and replace on ../, you may be able to smuggle it through that way.

-Marcin


On Mon, Feb 15, 2010 at 4:22 PM, Beatriz Duran <beatrizdrn at yahoo.com> wrote:


>Chris,
>
>Thanks, but the variable takes the data and transforms it in the corresponding text by the 8859-1;
>
>________________________________
>From: Chris Weber <chris at casabasec.com>
>To: Beatriz Duran <beatrizdrn at yahoo.com>; websecurity at webappsec.org
>Sent: Mon, February 15, 2010 2:07:38 PM
>Subject: RE: [WEB SECURITY] ../ filtered
>
>I know you say they’re using ISO (8859-1 presumably), but there
>still may be Unicode support internally. I’d try these variations.
> 
>Normalization compatibility forms:
>U+2024 U+2024 U+FF0F
>%E2 %80 %A4 %E2 %80 %A4 %EF %83 %BF
>․․/
> 
>Best-fit mapping Windows-1252 (similar for ISO-8859-1):
>U+FF0E U+FF0E U+2215
>%EF %BC %8E %EF %BC %8E %E2 %88 %95
>..∕
> 
>UTF-8 overlong: 
>U+002E U+002E U+002F
>%C0 %AE %C0 %AE %C0 %AF%
>../
> 
> 
>-Chris Weber
> 
>
>From: Beatriz Duran [mailto:beatrizdrn at yahoo.com]
>Sent: Sunday, February 14, 2010 11:43 PM
>To: websecurity at webappsec.org
>Subject: [WEB SECURITY] ../ filtered
>
>Hi,
>I need to find a vulnerability in a URL that could be exploited for directory
>traversal and LFI; the page is working with PHP but it is filtering /../ and
>also /%2e%2e/, because the page is using ISO for Latin characters I can't
>use Unicode extended because it reinterprets it with other values; is there another
>way to work around the filter?
> 
>
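
The filter behaviour discussed in this thread, seen from the side of the application that has to handle such a parameter, as an added example that is not part of any message in the thread (Python for illustration, not the PHP application being discussed). The names `naive_filter` and `resolve_under_base` are hypothetical, and `raw_param` is assumed to be the still percent-encoded request value.

```python
import os
import tempfile
from urllib.parse import unquote_to_bytes


def naive_filter(value: str) -> str:
    """Single-pass removal of '../', the filter style discussed in the thread."""
    return value.replace("../", "")


def resolve_under_base(base: str, raw_param: str) -> str:
    """Decode once, validate, canonicalise, then check containment.

    raw_param is assumed to be the still percent-encoded request value.
    Returns the resolved absolute path or raises ValueError.
    """
    try:
        # Strict UTF-8 decoding refuses overlong forms such as C0 AE.
        name = unquote_to_bytes(raw_param).decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        raise ValueError("malformed encoding") from None
    # Allow-list printable ASCII only, so no later normalisation or best-fit
    # mapping can turn a lookalike into '.' or '/'. A '%' left after the one
    # decode means double encoding; a backslash is a separator on Windows.
    if not name or any(not 0x20 <= ord(c) < 0x7F or c in "%\\" for c in name):
        raise ValueError("disallowed character")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    # Decide on the resolved path, never on the spelling of the input.
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes base directory")
    return target


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed sample document root
    samples = ["page.txt", "....//....//etc/passwd", "%2e%2e%2fetc%2fpasswd",
               "%C0%AE%C0%AE%C0%AFetc", "%EF%BC%8E%EF%BC%8E%E2%88%95etc"]
    for raw in samples:  # constructed sample inputs, forms taken from the thread
        filtered = naive_filter(raw)
        try:
            print(raw, "->", resolve_under_base(base, filtered))
        except ValueError as err:
            print(raw, "-> rejected:", err)
```

The single-pass replace turns `....//` back into `../`, while the containment check rejects every variant because it judges the resolved path rather than the input string.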


      