Penetration Testing mailing list archives
Re: LFI with limitation
From: Danux <danuxx () gmail com>
Date: Fri, 21 May 2010 17:32:04 -0500
How do you know it is vulnerable then? Try %2500 %%0000 so on... On Fri, May 21, 2010 at 5:00 AM, Jacky Jack <jacksonsmth698 () gmail com> wrote:
Hi A URL is vulnerable to LFI but it's removing/stripping null character. So, are there any ways to bypass it? ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- Daniel Regalado aka Danux
From NeZa to the World!!
www.macula-group.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- LFI with limitation Jacky Jack (May 21)
- Re: LFI with limitation Danux (May 24)
- Re: LFI with limitation Paul Melson (May 24)
- Message not available
- Re: LFI with limitation Jacky Jack (May 24)