Attack Detection - Path
• Target of attacks: show source, directory browsing, escape virtual root (download files, execute scripts), buffer overflow, cross site scripting
• Log manifestation:
    • Direct canonicalization problems - .. and .
    • Tricks with \ (for Win32)
    • URL encoding - %2e instead of “.”, %70 instead of “p”
    • Double encoding - %252e instead of “.”
    • UTF-8 overlong/invalid sequences
    • Direct/indirect access to scripts/forbidden areas/files
    • Backup/old extensions
    • Cross Site Scripting (<...>)
    • Long values (overflow)
    • etc.
Anything which is not a good, simple and valid path in your application is suspicious.
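
The log manifestations above, as an added example (not part of the original slides): a Python check that labels each request path in an access log and applies the "not a good, simple and valid path" rule as a catch-all. The whitelist pattern, length limit, backup-extension list and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed policy for a hypothetical application: short lowercase paths, no escapes.
SIMPLE_PATH = re.compile(r"/(?:[a-z0-9_-]+/)*(?:[a-z0-9_-]+(?:\.(?:html|css|js|png))?)?")
MAX_LEN = 255                                # assumed limit
BACKUP_EXT = (".bak", ".old", ".orig", "~")  # assumed list
ESCAPE = re.compile(r"%([0-9a-fA-F]{2})")
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def path_findings(target):
    """Return the reasons a request path is suspicious (empty list = clean)."""
    path, found = target.split("?", 1)[0], []
    if len(path) > MAX_LEN:
        found.append("long-value")
    if re.search(r"%25[0-9a-fA-F]{2}", path):
        found.append("double-encoding")
    if any(re.fullmatch(r"[A-Za-z0-9._~-]", chr(int(h, 16))) for h in ESCAPE.findall(path)):
        found.append("encoded-unreserved")   # %2e, %70: characters that never need escaping
    once = unquote_to_bytes(path)
    try:
        once.decode("utf-8")                 # strict decoder rejects overlong forms
    except UnicodeDecodeError:
        found.append("invalid-utf8")
    text = unquote_to_bytes(once).decode("latin-1")  # second pass exposes double encoding
    if "\\" in text:
        found.append("backslash")
    if any(seg in (".", "..") for seg in re.split(r"[/\\]", text)):
        found.append("dot-segment")
    if "<" in text or ">" in text:
        found.append("markup")
    if text.lower().endswith(BACKUP_EXT):
        found.append("backup-extension")
    if not SIMPLE_PATH.fullmatch(path):      # the catch-all whitelist rule
        found.append("not-simple-path")
    return found

def scan(lines):
    """Map each suspicious request path in access-log lines to its findings."""
    hits = ((m.group(1), path_findings(m.group(1))) for m in map(REQUEST.search, lines) if m)
    return {path: why for path, why in hits if why}

# Constructed sample lines (Common Log Format), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.1 - - [01/Jan/2024:10:00:00 +0000] "GET /docs/index.html HTTP/1.1" 200 512',
    '192.0.2.2 - - [01/Jan/2024:10:00:01 +0000] "GET /docs/%252e%252e/private/ HTTP/1.1" 404 0',
    '192.0.2.3 - - [01/Jan/2024:10:00:02 +0000] "GET /docs/%c0%ae%c0%ae/private/ HTTP/1.1" 404 0',
]
print(scan(SAMPLE_LOG))
```

The specific labels help triage, but the final whitelist test is what catches variants the named checks miss.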