Stupid question

Discuss the many weaknesses of browser security and ways to mitigate the threat

Post by singur on Wed Jun 24, 2009 5:13 pm

Is it possible to inject a null-byte/encoded hex character into a request filename?
Based on my tests it seems to be impossible... but I read in some places that this is possible.
Source used for tests:
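Code:
<form method="POST" enctype="multipart/form-data">
    <input type="file" name="f1" />
    <input type="submit" value="send" />
</form>
<?php
// Show the client-supplied upload name URL-encoded, so any unusual bytes are visible
if (isset($_FILES['f1'])) echo rawurlencode($_FILES['f1']['name']);
?>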

Tried to do it in many different ways...
Thanks in advance...
And...could someone please get me a real bruteforce algorithm?

PS: Brazilian dude over here... sorry for my ridiculous English.

Re: Stupid question

Post by thedotmaster on Mon Jul 20, 2009 8:42 am

Maybe you mean something like this:

Code:

If you wanted to open .htaccess for example, script.php?file=.htaccess would try to open .htaccess.txt
A null byte is added on the end of the filename and PHP detects this as the end of the string.

Is that what you meant?
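Added example, not part of either post above: one way a script.php?file=NAME handler that appends .txt can refuse the inputs discussed in this thread before they reach the filesystem. The function name resolve_document(), the demo directory and the sample inputs are assumptions made up for this sketch.

```php
<?php
// Added example: hardened lookup for a "script.php?file=NAME" style handler.
// resolve_document() and the demo directory are hypothetical names.
function resolve_document(string $name, string $rootDir): ?string
{
    // Reject NUL and other control bytes outright instead of trying to clean them.
    // Current PHP refuses NUL bytes in filesystem paths on its own; checking here
    // keeps the rule explicit and independent of the runtime.
    if ($name === '' || preg_match('/[\x00-\x1f\x7f]/', $name)) {
        return null;
    }
    // Allowlist: letters, digits, underscore, hyphen. No dots and no slashes,
    // so ".htaccess" and "../x" never get as far as a file call.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $root = realpath($rootDir);
    $path = realpath($rootDir . '/' . $name . '.txt');
    // realpath() returns false for missing files; also confirm the resolved
    // path is still inside the root once symlinks have been followed.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a scratch directory holding one readable document.
$root = sys_get_temp_dir() . '/nullbyte_demo_docs';
if (!is_dir($root)) {
    mkdir($root);
}
file_put_contents($root . '/readme.txt', "hello\n");

// Constructed sample inputs, as they look after PHP has URL-decoded the query string.
$samples = ['readme', ".htaccess\0", '../secret', 'readme.txt', ''];
foreach ($samples as $s) {
    $result = resolve_document($s, $root);
    // rawurlencode() makes a NUL visible as %00, as in the test page in the first post.
    printf("%-16s => %s\n", rawurlencode($s), $result ?? 'rejected');
}
```

Only the first sample resolves to a path; the others are rejected by the byte check or the allowlist before any file function is called.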
