|
Note that this
is a manual attack. First link is the original request. The hacker focuses on
the file parameter, playing with it and modifying it until he/she understands
its behavior. Then, the last three requests are actual attacks. Note the use
of .. and %00. Note that session is maintained (TCP, ASINFO) since the
attacker uses the browser, but the Referer is not present.
|
