    Advanced level 4
    02-04-2014 07:26 AM Advanced level 4 | Edited by buglu 02-04-2014 07:28 AM
    Yes, I understand this is already my second post in the advanced category.

    I have already done my research on LFI for 3 days straight now and (think) I actually understand it.

    I understand how it works and what you could do with it. But for now I have only read about the nullbyte, which I also have a question about, but I read nothing about getting the ../ filtered out. Now I do understand that this is not really something that has to do with the LFI itself, because it is a filter that does it.

    My question about the nullbyte is: is \00 a valid nullbyte? It worked out for me because it deleted .php, but I don't know if it ACTUALLY works.

    So now my question actually is, how do I work around this filter? I already noticed what the WAF actually filters on and tried to work around the filter by using other syntaxes. But that also failed....

    So now my question also is: is this a filter from PHP itself, or just a handwritten filter that filters on a certain value? That last one could be made possible by preg match, if I am right?

    As you see, I tried some things, but yeah, it didn't work out yet...

    I hope someone could give me a hint on what I am doing wrong, or could give me a good article about WAF bypassing.

    I know I maybe spoiled too much, but most of the information was also already in another thread...

    Greetings buglu
     
    Offline
    02-04-2014 07:57 AM RE: Advanced level 4
    The filter is straightforward.

    str_replace("../", "", $input);

    There's a simple way around it. Think about it.

    As for the null byte, it causes everything beyond it to be dropped. Not sure what your question is. The Null byte is simply the character with ASCII value 0.
     
    Offline
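Added example, not part of the original posts or the challenge's code: a defensive counterpart to the str_replace filter quoted in the reply above. Rather than deleting substrings from the input, it allowlists the page name, rejects null bytes, and checks that the canonical path stays inside a base directory. The function name resolve_page, the temporary pages directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example; resolve_page(), the temp "pages" directory and the sample
// inputs are hypothetical and constructed for illustration.

// Resolve a user-supplied page name to a file inside $baseDir, or return null.
function resolve_page(string $baseDir, string $input): ?string
{
    // A null byte truncated paths in old PHP versions; never accept one.
    if (strpos($input, "\0") !== false) {
        return null;
    }
    // Allowlist the shape of the name instead of deleting "bad" substrings.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $input) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; it returns false if the
    // file does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $input . '.php');
    if ($real === false) {
        return null;
    }
    // Defence in depth: the canonical path must still start with the base
    // directory (catches symlinks that point outside it).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo: one legitimate page and several inputs to reject.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . uniqid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home';\n");
foreach (['home', '../../etc/passwd', "home\0", 'home.php', 'missing'] as $in) {
    $out = resolve_page($dir, $in);
    printf("%-22s => %s\n", json_encode($in, JSON_UNESCAPED_SLASHES),
        $out === null ? 'rejected' : 'serve ' . basename($out));
}
unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```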
    02-04-2014 08:40 AM RE: Advanced level 4
    Abhinav2107 wrote:
    The filter is straightforward.

    str_replace("../", "", $input);

    There's a simple way around it. Think about it.

    As for the null byte, it causes everything beyond it to be dropped. Not sure what your question is. The Null byte is simply the character with ASCII value 0.


    Ah, str_replace, I didn't hear of that filter option yet tbh...

    And my question actually was whether "\00" has the same effect as "%00", but you answered it for me, thank you!
    Yes, I tried using different syntaxes for the "/"; I don't know if I am doing it right this way?

    I will look further into it, I guess.

    Thank you for your help!
     
    Offline
    02-04-2014 08:51 AM RE: Advanced level 4
    Hey abhinav,

    Solved it actually directly after you posted it, thanks to your tip.

    Just needed to know the function that filtered it.

    Thank you again.
     
    Offline