Hi,
There are many characters encoded as ASCII codes.
Default.asp/P%u0041G%u0045S%u0045RV%u0049C%u0045S
Default.asp/%u0049C%u004FN=/aaaaaa/../USR/./L%u004FC%u0041L/ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
a/../ KD%u0045\SH%u0041R%u0045\\%u0049C%u004FN
S\\\H%u0049C%u004FL%u004FR///32X32/M%u0049M%u0045TYP%u0045S/%u0049M%u0041G%u0045%u002EPNG
Result:
Default.asp/PAGESERVICES
Default.asp/ICON=/aaaaaa/../USR/./LOCAL/ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
a/../ KDE\SHARE\\ICON
S\\\HICOLOR///32X32/MIMETYPES/IMAGE.PNG
Default.asp/WP-F%u004FRC%u0045-%u0041UTH
Result:
Default.asp/WP-FORCE-AUTH
Default.asp/WP-HTML-R%u0045ND
Result:
Default.asp/WP-HTML-REND
Default.asp/WP-ST%u0041RT-V%u0045R
Result:
Default.asp/WP-START-VER
Default.asp/WP-UNCH%u0045CK%u004FUT
Result:
Default.asp/WP-UNCHECKOUT
Default.asp/WP-USR-PR%u004FP
Result:
Default.asp/WP-USR-PROP
Default.asp/WP-V%u0045R-D%u0049FF
Result:
Default.asp/WP-VER-DIFF
Default.asp/WP-V%u0045R-%u0049NF%u004F
Result:
Default.asp/WP-VER-INFO
Default.asp/WP-V%u0045R%u0049FY-L%u0049NK
Result:
Default.asp/WP-VERIFY-LINK
Go to http://www.google.it/
and enter everything that comes after Default/
You will see the results related to the attacks.
Massimo
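
The manual decoding shown in the post above can be automated when reviewing web server logs. The following is an added example, not part of the original post: it decodes `%uXXXX` and `%XX` escapes in a single pass, flags requests that escape characters which never need escaping, and (going beyond the post) also resolves mixed separators and dot segments. The function names and the sample lines are hypothetical, and the canonical form is a log-review heuristic, not a reproduction of how the server resolves paths.

```python
import re

# %uXXXX (non-standard, IIS-style) or ordinary %XX percent-escape
_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
# Characters that never need escaping in a URL path (RFC 3986 "unreserved")
_UNRESERVED = re.compile(r"[A-Za-z0-9._~-]")

def decode_once(path):
    """Decode %uXXXX and %XX escapes in one pass, so output is never re-decoded."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), path)

def needless_escapes(path):
    """Return the escapes that hide a character which needs no escaping."""
    return [m.group(0) for m in _ESCAPE.finditer(path)
            if _UNRESERVED.fullmatch(chr(int(m.group(1) or m.group(2), 16)))]

def canonical(path):
    """Decode, unify separators, then drop '.', '..' and empty segments."""
    out = []
    for seg in decode_once(path).replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()          # step back one directory, never above root
            continue
        out.append(seg)
    return "/".join(out)

def review(path):
    """Return (canonical path, True if the request used needless escapes)."""
    return canonical(path), bool(needless_escapes(path))

# Constructed sample input, modelled on the request paths quoted in the post.
SAMPLES = [
    "Default.asp/P%u0041G%u0045S%u0045RV%u0049C%u0045S",
    r"Default.asp/%u0049C%u004FN=/aaaaaa/../USR/./L%u004FC%u0041L/a/../KD%u0045\SH%u0041R%u0045\\%u0049C%u004FNS",
    "Default.asp/index.html",
]

if __name__ == "__main__":
    for p in SAMPLES:
        clean, obfuscated = review(p)
        print("SUSPECT" if obfuscated else "ok     ", clean)
```

A legitimate client has no reason to escape plain letters, so a non-empty `needless_escapes` result is a useful triage signal on its own, independent of what the decoded path points to.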