[WEB SECURITY] ../ filtered
beatrizdrn at yahoo.com
Tue Feb 16 09:40:24 EST 2010
I tried those already, but they and the ones with ".." are rejected; the variable is verifying the string before running it, and with the combination:
%252e%252e/FILENAME this happens:
The 25s are removed, so the %2e%2e are left but transformed into pure text, so the page reports that the directory %2e%2e doesn't exist; but if I apply purely viewfiles.php?folder=%2e%2e/ the page rejects them and says .. are not allowed.
I Have Learned So much from God That I can no longer Call Myself A Christian, a Hindu, a Muslim A Buddhist, a Jew. The Truth has shared so much of Itself With me That I can no longer call myself A man, a woman, and angel Or even pure Soul. Love has Befriended Hafiz so completely It has turned to ash And freed Me Of every concept and image My mind has ever known. –Hafiz, Persian poet (1315 – 1390)
From: Shlomi Narkolayev <shlominar at gmail.com>
To: beatrizdrn at yahoo.com; websecurity at webappsec.org
Sent: Tue, February 16, 2010 12:41:16 AM
Subject: RE: [WEB SECURITY] ../ filtered
Soon I'll upload to my blog 1400 new variants for directory traversal.
From: Beatriz Duran [mailto:beatrizdrn at yahoo.com]
Sent: Monday, February 15, 2010 9:43 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ../ filtered
Hi, I need to find a vulnerability in a URL that
could be exploited for directory traversal and LFI; the page is working with
PHP but it is filtering /../ and also /%2e%2e/. Because the page is using
ISO for Latin characters I can't use Unicode extended because it reinterprets it
with other values; is there another way to work around the filter?
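For readers maintaining a handler like the one discussed in this thread, the following is an added example and not code from any participant or from the application in question. It shows a containment check on the canonical path instead of a string filter on "..". The function name resolveFolder, the directory layout and the request values are assumptions constructed from the strings quoted above.

```php
<?php
// Added example: resolveFolder() and the directory layout are hypothetical.

// $folder is the value as PHP hands it over in $_GET (already decoded once).
function resolveFolder(string $baseDir, string $folder): ?string
{
    // NUL bytes never belong in a path.
    if (strpos($folder, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $folder);
    if ($target === false) {
        return null;
    }
    // Decide on the canonical path, not on the spelling of the input.
    $inside = $target === $base
        || strpos($target, $base . DIRECTORY_SEPARATOR) === 0;
    return $inside ? $target : null;
}

// Constructed layout: <tmp>/site/files/reports is the only servable folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav_' . bin2hex(random_bytes(4));
$base = $root . DIRECTORY_SEPARATOR . 'site' . DIRECTORY_SEPARATOR . 'files';
mkdir($base . DIRECTORY_SEPARATOR . 'reports', 0700, true);

// Raw query-string values (constructed from the strings quoted in the thread).
$requests = ['reports', '../', '%2e%2e/', '%252e%252e/FILENAME'];
foreach ($requests as $raw) {
    // urldecode() once here stands in for the single decode PHP applies to $_GET.
    $result = resolveFolder($base, urldecode($raw));
    printf("%-22s => %s\n", $raw, $result === null ? 'rejected' : 'allowed');
}

// Remove the constructed directories again.
rmdir($base . DIRECTORY_SEPARATOR . 'reports');
rmdir($base);
rmdir($root . DIRECTORY_SEPARATOR . 'site');
rmdir($root);
```

Only the first request resolves inside the base directory. The double-encoded value stays a literal name after the single decode and is rejected because no such directory exists, which matches the behaviour reported in the thread.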