Penetration Testing mailing list archives

Re: LFI with limitation


From: Paul Melson <pmelson () gmail com>
Date: Sat, 22 May 2010 07:35:41 -0400

On Fri, May 21, 2010 at 6:00 AM, Jacky Jack <jacksonsmth698 () gmail com> wrote:
A URL is vulnerable to LFI but it's removing/stripping null character.

So, are there any ways to bypass it?

Maybe.  It depends on the vulnerable code and the mechanism being used
to strip the null byte. I would try different ways of encoding the
attack to see if you can bypass the WAF or whatever it is that's
dropping the null byte.  Gunter Ollmann has a good overview of
encoding attacks in a paper he wrote here:

http://www.technicalinfo.net/papers/URLEmbeddedAttacks.html

Specifically, read the sections on URI encoding and unicode attacks.

PaulM
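To make the point above concrete from the defender's side, here is an added example (not from the thread or its author) contrasting the kind of filter Jacky describes with a safer include-path check. The template directory, the allowlist and both function names are assumptions for illustration.

```python
"""Why stripping a literal NUL is a weak LFI mitigation, and a safer check.
Constructed example; TEMPLATE_DIR and ALLOWED are hypothetical values."""
import os
from typing import Optional
from urllib.parse import unquote

TEMPLATE_DIR = os.path.realpath("/var/www/app/templates")  # assumed location
ALLOWED = {"home.html", "about.html"}  # allowlist of includable files


def naive_filter(param: str) -> str:
    """Mirrors the filter in the thread: removes a literal NUL byte and nothing else.
    If it runs before URL decoding it never sees the encoded form, and if the
    include code decodes later, the byte reappears downstream."""
    return param.replace("\x00", "")


def hardened_resolve(param: str) -> Optional[str]:
    """Return an absolute path under TEMPLATE_DIR, or None if the request is rejected."""
    # Decode exactly once, so the check sees what the file API will see.
    decoded = unquote(param)
    # Reject instead of strip: a NUL or any control byte means hostile input.
    if any(ord(c) < 0x20 for c in decoded):
        return None
    # Only a plain file name is acceptable: no separators, no traversal components.
    if decoded != os.path.basename(decoded) or decoded in ("", ".", ".."):
        return None
    # Allowlisting known files is the primary control; everything above is defence in depth.
    if decoded not in ALLOWED:
        return None
    full = os.path.realpath(os.path.join(TEMPLATE_DIR, decoded))
    # Final guard: the resolved path must still lie inside the template directory.
    if os.path.commonpath([full, TEMPLATE_DIR]) != TEMPLATE_DIR:
        return None
    return full
```

The naive filter leaves an encoded NUL untouched and accepts arbitrary paths, whereas the hardened check rejects the encoded, double-encoded and traversal forms alike because it validates after a single decode and only ever serves allowlisted names.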

