Re: LFI with limitation
- From: Danux <danuxx@xxxxxxxxx>
- Date: Fri, 21 May 2010 17:32:04 -0500
How do you know it is vulnerable then?
Try %2500
%%0000
so on...
On Fri, May 21, 2010 at 5:00 AM, Jacky Jack <jacksonsmth698@xxxxxxxxx> wrote:
Hi
A URL is vulnerable to LFI but it's removing/stripping null character.
So, are there any ways to bypass it?
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
--
Daniel Regalado aka Danux
From NeZa to the World!!
www.macula-group.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- References:
- LFI with limitation
- From: Jacky Jack
- LFI with limitation
- Prev by Date: LFI with limitation
- Next by Date: Re: LFI with limitation
- Previous by thread: LFI with limitation
- Next by thread: Re: LFI with limitation
- Index(es):
Relevant Pages
|
