Character questions (fwd)

[zeno <bugtraq () cgisecurity net>]

Seems owasp didn't have an answer. Comment appreciated.

- zeno () cgisecurity com


> Hello,
>
> I wrote a few months ago a paper called "fingerprinting port 80 attacks".
> I am 80 percent done with a part 2 to this paper which is so far roughly 15 pages.
>
> I had a few questions on some characters I'm trying to find "practicle" examples
> for.
>
>    " ^" carrot
>
> I haven't been able to find any practicle example of an attack with this. 
> Anyone got suggestions?
>
>
> [ and ]
>
> These other characters I also haven't seen a practicle example of.
> Sure someone could execute a command simialar to rm [a-f]* but I'm curious
> if anyone has a better example of usage of these characters in an attack.
> Another example would be if source code was being uploaded (echod into a tmp file
> and executed to help trojan a box) this could then show up but I'm looking for i
> a better example if one exists.
>
>
> +
>
> I haven't found a good example of this character being used in an attack.
> Also I haven't found any documentation so I'm asking the list on this one.
>
>
> Thanks owasp
>
> - zeno () cgisecurity com