Poison Null Bytes don't work for me.

For the discussion of Perl, Python, Ruby, and PHP and other interpreted languages.

Post by 00011100 on Thu Feb 02, 2012 9:50 am

So I was reading some about poison null bytes and decided to try it out on my own computer.

I made a bawrl.txt and a bawrl.html and gave them contents that identify their extension and I made this script:
Code:
#!/usr/bin/perl

print "Content-type: text/plain\n\n";

my $url=$ENV{"QUERY_STRING"}.".txt";
print "$url \n";
open (FILE ,"$url");
while (<FILE>) {
        print $_;
}


Which is meant to be vulnerable to poison null bytes.

Then I called it with this URL from Firefox:
Code:
127.0.0.1/cgi-bin/test.pl?bawrl.html%00


I was expecting that it would open bawrl.html, but it doesn't. What is also weird is that it outputs 2 different things when I call it twice in a row.

It either outputs this:
Code:
bawrl.html%00.txt

or this:
Code:
bawrl.html.txt


So sometimes it ignores the zero byte but adds what comes after that and sometimes it does add the %00.

I'm a little confused. Can someone tell me what is going on, please?
00011100
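
Added example, not part of the original post: a CGI script receives QUERY_STRING still percent-encoded, so the code below decodes it explicitly and then applies the checks a hardened version of the lookup would use (reject an embedded NUL, allow-list the name, three-argument open). The helper names url_decode and safe_txt_path, the base directory and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode %XX escapes; the web server hands QUERY_STRING to the script
# without doing this, so "%00" arrives as the three characters %, 0, 0.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Hypothetical helper: map a raw query string to a path under $base_dir,
# or return undef when the decoded name is not acceptable.
sub safe_txt_path {
    my ($raw_query, $base_dir) = @_;
    my $name = url_decode($raw_query);
    return if $name =~ /\0/;                           # embedded NUL byte
    return unless $name =~ /\A[A-Za-z0-9_-]{1,64}\z/;  # no dots, no slashes
    return "$base_dir/$name.txt";
}

# Constructed sample inputs and an assumed data directory.
my $base_dir = '/var/www/data';
for my $q ('bawrl', 'bawrl.html%00', 'bawrl.html', '..%2Fsecret') {
    (my $shown = url_decode($q)) =~ s/\0/\\0/g;        # make NUL visible
    my $path = safe_txt_path($q, $base_dir);
    printf "%-16s undecoded: %-20s decoded: %-14s => %s\n",
        $q, "$q.txt", $shown, defined $path ? $path : 'REJECTED';
    next unless defined $path;

    # Three-argument open keeps the mode separate from the file name,
    # and the failure is reported instead of silently ignored.
    if (open(my $fh, '<', $path)) {
        print while <$fh>;
        close $fh;
    } else {
        print "  open failed: $!\n";
    }
}
```

The "undecoded" column is the string the script in the post builds from the raw QUERY_STRING, while the "decoded" column is what a CGI library's parameter parsing would hand to the application.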