Via Ha.ckers.org -
Michael Schramm posted about another way to do image filter bypassing using alternate file streams on NTFS file systems. Pretty cool stuff (thinking outside the box of what a file really means on different systems).
-----------------------
Here is Michael's blog entry translated into English. This is very interesting indeed and looks like a great way to get around all those file upload blacklist on applications running on Windows 2000/2003 servers.
foo.php = Blacklisted
foo.php:$DATA = Not Blacklisted and Read by the OS as "foo.php"
No comments:
Post a Comment