[Oisf-devel] Directory Traversal not fire when are encoded ?
Rm Kml
rmkml at yahoo.fr
Sat Jul 7 21:26:17 UTC 2012
Hi,
First, Congrats All for Suricata v1.3 !
Im continue my testing, and maybe discovered then Suricata not fire when dir traversal are encoded like this:
GET /sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E//etc/vmware/hostd/vmInventory.xml HTTP/1.1
(Thx Nmap Scripting Engine [nse])
Someone confirm this please? (if yes Im open a new redmine ticket)
ok if I create this rule:
... content:"../"; http_uri; ...
1) Suricata fire with "GET /sdk/../..."
2) Suricata not fire with (simple encoded) "GET /sdk/%2E%2E/..."
3) Suricata fire with (double encoded) "GET /sdk/%252E%252E%252F..."
Regards
Rmkml
http://www.twitter.com/rmkml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20120707/533a14e0/attachment-0002.html>
More information about the Oisf-devel
mailing list