•Target: write to/read from file on web server
•How: change hidden file name in parameter value
•Log manifestation: all tricks for “..”, null byte, absolute path, missing Referer
•Variations:
–file=/etc/passwd
–file=../../../../../../etc/passwd
–file=../../../../../../etc/passwd%00.tmplt
–file=%c0%ae.\boot.ini
–file=/etc/passwd(00).tmplt
–... (we’ll see more in advanced topics)
•False alarms: not likely (unless application uses .. itself)
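The log indicators listed above (the “..” tricks, the null byte, an absolute path, a missing Referer) and the false-alarm caveat can be turned into a small access-log scanner. The following is an added example written for this page, not code from the slides or their author. It assumes the hidden file parameter is named `file`, that the web server writes Combined Log Format, and that the server decodes `%c0%ae` as an overlong “.” and percent-decodes twice; the log lines are constructed and every host, path and value in them is invented. The `(00)` notation from the slide is not handled, only a real `%00`.

```python
import re
from urllib.parse import unquote, urlsplit

# Name of the hidden file parameter the application uses (assumption; adjust per app).
FILE_PARAMS = ("file",)

# Combined Log Format parser: client ip, request line, status, size, Referer, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample access-log lines; hosts, paths and parameter values are invented.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /app/show?file=report.tmplt HTTP/1.1" 200 512 "http://intranet.example/app/" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:55:40 +0000] "GET /app/show?file=/etc/passwd HTTP/1.1" 200 1834 "-" "curl/7.88"
10.0.0.9 - - [10/Oct/2023:13:55:41 +0000] "GET /app/show?file=../../../../../../etc/passwd HTTP/1.1" 200 1834 "-" "curl/7.88"
10.0.0.9 - - [10/Oct/2023:13:55:42 +0000] "GET /app/show?file=../../../../../../etc/passwd%00.tmplt HTTP/1.1" 200 1834 "-" "curl/7.88"
10.0.0.9 - - [10/Oct/2023:13:55:43 +0000] "GET /app/show?file=%c0%ae.\\boot.ini HTTP/1.1" 404 231 "-" "curl/7.88"
10.0.0.5 - - [10/Oct/2023:13:56:01 +0000] "GET /app/show?file=notes..old.tmplt HTTP/1.1" 200 300 "http://intranet.example/app/" "Mozilla/5.0"
"""


def raw_query_params(path: str):
    """Split the query string WITHOUT percent-decoding, so the exact encoding
    the client sent (%c0%ae, %00, %252e, ...) survives for inspection."""
    for part in urlsplit(path).query.split('&'):
        if part:
            name, _, value = part.partition('=')
            yield name, value


def normalize(value: str) -> str:
    """Approximate the decoding a lax server might apply before opening the file."""
    # %c0%ae is an overlong UTF-8 encoding of '.'; fold it before decoding
    v = re.sub(r'%c0%ae', '.', value, flags=re.IGNORECASE)
    # decode twice to expose double-encoded sequences such as %252e%252e/
    for _ in range(2):
        v = unquote(v)
    return v


def indicators(value: str, referer: str) -> list:
    """Return the log indicators from the slide that this parameter value shows."""
    v = normalize(value)
    found = []
    if re.search(r'\.\.[/\\]', v):          # '..' followed by a path separator
        found.append('dot-dot traversal')
    if '\x00' in v:                          # %00 cutting off an appended suffix
        found.append('null byte')
    if v.startswith('/') or re.match(r'[A-Za-z]:[\\/]', v):
        found.append('absolute path')
    if referer == '-':                       # hand-crafted request, no originating page
        found.append('missing Referer')
    return found


def scan_log(text: str, params=FILE_PARAMS) -> list:
    """Flag requests whose file parameter shows a strong indicator.

    A missing Referer on its own is not enough (direct navigation, privacy
    settings strip it), and a bare '..' inside a name (notes..old) is not
    traversal: that is the 'application uses .. itself' false-alarm case."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value in raw_query_params(m['path']):
            if name not in params:
                continue
            found = indicators(value, m['referer'])
            if any(r != 'missing Referer' for r in found):
                findings.append({'ip': m['ip'], 'status': m['status'],
                                 'value': value, 'indicators': found})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['status']} {f['value']!r}: {', '.join(f['indicators'])}")
```

Run as-is, the scanner flags the four hand-crafted requests and leaves both legitimate `.tmplt` requests alone, including `notes..old.tmplt`, which contains `..` without a following separator. The status code is carried along because a 200 on a traversal request (the file was actually served) deserves a different response from a 404.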
•Examples:
–File download (file read) – next 2 slides
–Defacement using hidden file parameter (file write)