Path Traversal: Itemize encoding examples (OWASP#332)
makes it easier to read on webpage
RasmusWL authored Dec 3, 2020
1 parent 6033897 commit a643bd7
Showing 1 changed file with 11 additions and 10 deletions.
21 changes: 11 additions & 10 deletions pages/attacks/Path_Traversal.md
Expand Up @@ -59,23 +59,24 @@ See the [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing

Encoding and double encoding:

`%2e%2e%2f` represents `../`
`%2e%2e/` represents `../`
`..%2f` represents `../ `
`%2e%2e%5c` represents `..\`
`%2e%2e\` represents `..\ `
`..%5c` represents `..\ `
`%252e%252e%255c` represents `..\ `
`..%255c` represents `..\` 
- `%2e%2e%2f` represents `../`
- `%2e%2e/` represents `../`
- `..%2f` represents `../ `
- `%2e%2e%5c` represents `..\`
- `%2e%2e\` represents `..\ `
- `..%5c` represents `..\ `
- `%252e%252e%255c` represents `..\ `
- `..%255c` represents `..\` 

and so on.

#### Percent encoding (aka URL encoding)

Note that web containers perform one level of decoding on percent
encoded values from forms and URLs.

`..%c0%af` represents `../ `
`..%c1%9c` represents `..\ `
- `..%c0%af` represents `../ `
- `..%c1%9c` represents `..\ `

#### OS specific
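
Review bot: Six of the new list items keep the stray trailing space inside the code span from the old lines (`../ ` or `..\ ` in the `..%2f`, `%2e%2e\`, `..%5c`, `%252e%252e%255c`, `..%c0%af` and `..%c1%9c` entries), while the other four render the decoded value without it. Since this change is about readability on the web page, normalise all of them to `../` or `..\` and drop the trailing whitespace after the `..%255c` item. Separately, the two items left under "Percent encoding (aka URL encoding)", `..%c0%af` and `..%c1%9c`, are overlong UTF-8 encodings of `/` and `\` rather than plain percent-encoded characters, while the plain and double percent-encoded forms sit under "Encoding and double encoding". A heading change or a one-line note on those two items would keep readers from assuming that a single URL-decode pass turns them into `../` or `..\`.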
