[mod-security-users] The directory traversal problem
From: Ulf H. <me...@op...> - 2004-01-08 11:37:22
I haven't tested this, but the following regexes should be helpful when trying to combat directory traversal:

    ^[/\]
    \.\.

The first matches any string that begins with "/" or "\" characters (like in "/etc/passwd"). The second matches any string with two dots in a row (which of course disallows legitimate filenames like "ulfs.nice.document..doc", but it also catches malicious things like "../../../../../../etc/passwd").

Any other ideas? As Ivan wrote on webappsec, putting together a repository with regexes and other snippets for mod_security would be a good idea.

// Ulf
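Added example, not part of the original post: a small Python harness that runs the two patterns from the message over constructed parameter values, after percent-decoding them so the patterns see the final form. The third pattern, `DOT_SEGMENT`, and the `normalize` and `check` helpers are assumptions of this example; `DOT_SEGMENT` flags ".." only when it is a whole path segment, which avoids the false positive on "ulfs.nice.document..doc" that the post mentions.

```python
import re
from urllib.parse import unquote

# The two patterns from the post; the backslash inside the class is
# escaped here because Python's re module requires it.
ABSOLUTE = re.compile(r'^[/\\]')
DOUBLE_DOT = re.compile(r'\.\.')
# Assumption (not from the post): only treat ".." as traversal when it
# is a whole path segment, which spares names like "a..doc".
DOT_SEGMENT = re.compile(r'(^|[/\\])\.\.([/\\]|$)')


def normalize(value, max_rounds=3):
    """Percent-decode repeatedly so the patterns see the final form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check(value):
    """Return the set of rule names that fire on one parameter value."""
    v = normalize(value)
    hits = set()
    if ABSOLUTE.search(v):
        hits.add("absolute")
    if DOUBLE_DOT.search(v):
        hits.add("double_dot")
    if DOT_SEGMENT.search(v):
        hits.add("dot_segment")
    return hits


# Constructed sample parameter values, not taken from real traffic.
SAMPLES = [
    "/etc/passwd",
    "../../../../../../etc/passwd",
    "ulfs.nice.document..doc",
    "reports/2004/january.pdf",
    "%2e%2e%2fetc%2fpasswd",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} -> {sorted(check(s))}")
```
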