
Thread: Local File Include and ModSecurity

  1. #1
    spawn (Good friend of the forums)
    Join Date
    Jan 2010
    Posts
    280

    Local File Include and ModSecurity

    Hello there,

    I'm doing a pentest on a web application that has a local file include, but the web app has ModSecurity.

    I tried to bypass the filter using double URL encoding, but without success.
    Can someone help me?

    Any direction is appreciated.

    Cheers,
    "If you aim the gun at your foot and pull the trigger, it's
    UNIX's job to ensure reliable delivery of the bullet to
    where you aimed the gun (in this case, Mr. Foot)."

  2. #2
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Re: Local File Include and ModSecurity

    Do you have any more information about the modsecurity? Version? Filter information?

    This may be useful if they are using a version prior to 2.1 http://www.juniper.net/security/auto...vuln22831.html

  3. #3
    spawn (Good friend of the forums)
    Join Date
    Jan 2010
    Posts
    280

    Re: Local File Include and ModSecurity

    No, I don't have any information about the version of ModSecurity, but I think it is up to date. I'm playing with it, at the point that it may be using the default rules.
    I'm trying harder.
    Thanks
    "If you aim the gun at your foot and pull the trigger, it's
    UNIX's job to ensure reliable delivery of the bullet to
    where you aimed the gun (in this case, Mr. Foot)."
