![pen-test logo](/images/pen-test-logo.png)
Penetration Testing mailing list archives
Re: LFI with limitation
From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Sun, 23 May 2010 11:42:00 +0630
I've tried all. All such encoding attacks are blocked by mod_security or some firewalls, issuing Not Acceptable message. On Sat, May 22, 2010 at 4:47 AM, Ulisses Castro <uss.thebug () gmail com> wrote:
%2500 ? %252500? my two cents, Ulisses Castro On Fri, May 21, 2010 at 7:00 AM, Jacky Jack <jacksonsmth698 () gmail com> wrote:Hi A URL is vulnerable to LFI but it's removing/stripping null character. So, are there any ways to bypass it? ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- LFI with limitation Jacky Jack (May 21)
- Re: LFI with limitation Danux (May 24)
- Re: LFI with limitation Paul Melson (May 24)
- Message not available
- Re: LFI with limitation Jacky Jack (May 24)