[VIM] Webmin traversal - changelog
George A. Theall
theall at tenablesecurity.com
Tue Jul 11 16:50:46 EDT 2006
Steven M. Christey wrote:
> "*very*" is an understatement :
>
> So now the question is, what's happening here - why is the "%01" working?
> Is it getting removed entirely after the ".." check, or does the
> underlying OS just ignore the 0x01 byte?
Anything between octal 0 and 37 is being removed -- look at lines
1482-82 as well as the simplify_path() function in the version of
miniserv.pl included with 1.280.

For the plugin, I randomly picked a binary 1 and 10 directory traversal
sequences (which might be thought of as 60 sequences because of the way
I wrote the NASL code :-).

George
--
theall at tenablesecurity.com
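
An added example, not part of the original message and not Webmin's code: a simplified Python model of the ordering problem discussed above, where a ".." check runs before bytes in the octal 0-37 range are removed, shown beside the corrected order. The function names, the DOCROOT value and the sample paths are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

DOCROOT = "/srv/www"                  # hypothetical document root
CONTROL = re.compile(r"[\000-\037]")  # octal 0-37, the range named in the message

def has_dotdot(path):
    """True if any path segment is exactly '..'."""
    return ".." in path.split("/")

def check_then_strip(raw):
    """Flawed order: validate first, remove control bytes afterwards."""
    path = unquote(raw)
    if has_dotdot(path):
        return None                   # rejected
    # '..\x01' was not '..' during the check, but becomes '..' here
    return CONTROL.sub("", path)

def strip_then_check(raw):
    """Corrected order: validate the exact string that will be used."""
    path = CONTROL.sub("", unquote(raw))
    if has_dotdot(path):
        return None                   # rejected
    return path

def stays_in_docroot(path):
    """Defence in depth: confirm the resolved path is still under DOCROOT."""
    full = posixpath.normpath(DOCROOT + "/" + path)
    return full == DOCROOT or full.startswith(DOCROOT + "/")

# Constructed request paths: benign, plain '..', and '..' followed by %01
SAMPLES = ["/images/logo.gif", "/a/../b.txt", "/a/..%01/..%01/b.txt"]

def report():
    """Return (raw, flawed result, flawed result contained?, fixed result)."""
    rows = []
    for raw in SAMPLES:
        flawed = check_then_strip(raw)
        contained = flawed is None or stays_in_docroot(flawed)
        rows.append((raw, flawed, contained, strip_then_check(raw)))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```
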