2.Basic-bypasses

Key Takeaways:

Non-Recursive Path Traversal Filters:
- Exploiting filters that only replace ../ once.
- Bypasses: ....//, ..././, ....\/.
- Highlights the importance of recursive filtering.
Encoding:
- Bypassing filters that block specific characters (., /).
- Techniques: URL encoding (%2e%2e%2f), double encoding.
- Emphasizes the need for proper input decoding.
Approved Paths:
- Bypassing filters that restrict file inclusion to specific directories.
- Technique: Starting the payload with the approved path and then using path traversal.
- Shows how to combine bypass techniques.
Appended Extension:
- Addressing web applications that append extensions (e.g., .php).
- Path Truncation (Obsolete):
  - Exploiting length limitations in older PHP versions.
  - Technique: Creating long strings to truncate the appended extension.
  - Important to note that this is mostly historical information.
- Null Bytes (Obsolete):
  - Exploiting null byte injection vulnerabilities in older PHP versions.
  - Technique: Appending %00 to truncate the appended extension.
  - Also very important to note that this is mostly historical information.

Additional Considerations:

Real-World Scenarios:
- In real-world scenarios, web applications often combine multiple filters and protections.
- Attackers need to be creative and combine different bypass techniques.
Regular Expression Complexity:
- Complex regular expressions can sometimes introduce new vulnerabilities.
- Attackers may try to find edge cases or unexpected behavior in the regex.
WAF (Web Application Firewall) Bypasses:
- WAFs can also block LFI attacks.
- Attackers may use encoding, obfuscation, or other techniques to bypass WAF rules.
Modern PHP Security:
- Modern PHP versions have significantly improved security against LFI vulnerabilities.
- Developers should still follow best practices for input validation and sanitization.
Defense in Depth:
- Implementing multiple layers of security is crucial.
- This includes input validation, access controls, and regular security audits.
Testing:
- It is very important to test all user supplied input. Fuzzing tools can be very useful for this.
Least Privilege:
- File system permissions should follow the principle of least privilege. The web server should only have access to the files it absolutely needs.

Non-Recursive Path Traversal Bypass

### Using traversal bypass techniques
curl "http://example.com/?file=....//etc/passwd"

Encoding Bypass

### Using URL encoding to bypass restrictions
curl "http://example.com/?file=%2e%2e%2fetc/passwd"

PHP Wrappers for LFI

### Using PHP filter wrapper to read source code
curl "http://example.com/?file=php://filter/convert.base64-encode/resource=index.php"

Last updated 12 days ago

Key Takeaways:

Non-Recursive Path Traversal Filters:
- Exploiting filters that only replace ../ once.
- Bypasses: ....//, ..././, ....\/.
- Highlights the importance of recursive filtering.
Encoding:
- Bypassing filters that block specific characters (., /).
- Techniques: URL encoding (%2e%2e%2f), double encoding.
- Emphasizes the need for proper input decoding.
Approved Paths:
- Bypassing filters that restrict file inclusion to specific directories.
- Technique: Starting the payload with the approved path and then using path traversal.
- Shows how to combine bypass techniques.
Appended Extension:
- Addressing web applications that append extensions (e.g., .php).
- Path Truncation (Obsolete):
  - Exploiting length limitations in older PHP versions.
  - Technique: Creating long strings to truncate the appended extension.
  - Important to note that this is mostly historical information.
- Null Bytes (Obsolete):
  - Exploiting null byte injection vulnerabilities in older PHP versions.
  - Technique: Appending %00 to truncate the appended extension.
  - Also very important to note that this is mostly historical information.

Additional Considerations:

Real-World Scenarios:
- In real-world scenarios, web applications often combine multiple filters and protections.
- Attackers need to be creative and combine different bypass techniques.
Regular Expression Complexity:
- Complex regular expressions can sometimes introduce new vulnerabilities.
- Attackers may try to find edge cases or unexpected behavior in the regex.
WAF (Web Application Firewall) Bypasses:
- WAFs can also block LFI attacks.
- Attackers may use encoding, obfuscation, or other techniques to bypass WAF rules.
Modern PHP Security:
- Modern PHP versions have significantly improved security against LFI vulnerabilities.
- Developers should still follow best practices for input validation and sanitization.
Defense in Depth:
- Implementing multiple layers of security is crucial.
- This includes input validation, access controls, and regular security audits.
Testing:
- It is very important to test all user supplied input. Fuzzing tools can be very useful for this.
Least Privilege:
- File system permissions should follow the principle of least privilege. The web server should only have access to the files it absolutely needs.

Non-Recursive Path Traversal Bypass

### Using traversal bypass techniques
curl "http://example.com/?file=....//etc/passwd"

Encoding Bypass

### Using URL encoding to bypass restrictions
curl "http://example.com/?file=%2e%2e%2fetc/passwd"

PHP Wrappers for LFI

### Using PHP filter wrapper to read source code
curl "http://example.com/?file=php://filter/convert.base64-encode/resource=index.php"

Last updated 12 days ago