Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TODO: Try including different files #48

Open
hansmach1ne opened this issue Feb 4, 2024 · 0 comments
Open

TODO: Try including different files #48

hansmach1ne opened this issue Feb 4, 2024 · 0 comments
Assignees
@hansmach1ne
Labels
enhancement New feature or request
Milestone
1.0

Comments

@hansmach1ne
Copy link
Owner

The issue is that /etc/passwd might be blocked by waf, so try to include modality that will use 'silent' payloads and include different files to confirm the vulnerability.

Also Java tends to not allow path traversal outside the web root, so implement something like /WEB-INF/web.xml or alike method of discovery...
@hansmach1ne hansmach1ne added the enhancement New feature or request label Apr 1, 2024
@hansmach1ne hansmach1ne self-assigned this Aug 7, 2024
@hansmach1ne hansmach1ne added this to the 1.0 milestone Sep 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hansmach1ne hansmach1ne

Labels
enhancement New feature or request
Projects
None yet
Milestone
1.0
Development

No branches or pull requests
1 participant
@hansmach1ne