Re: LFI with limitation



How do you know it is vulnerable then?

Try %2500
%%0000
so on...

On Fri, May 21, 2010 at 5:00 AM, Jacky Jack <jacksonsmth698@xxxxxxxxx> wrote:
Hi

A URL is vulnerable to LFI but it's removing/stripping null character.


So, are there any ways to bypass it?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------





--
Daniel Regalado aka Danux
From NeZa to the World!!

www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages