About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Directory Traversal in IPConfigure Orchid - 74

NettitudePosted 6 Years Ago
  • IPConfigure Orchid Core VMS
  • By simply URL encoding the ../ to be %2e%2e%2f it was possible to traverse the entire file system in order to read arbitrary files.
  • The discovery is the most interesting part though! Initially, when trying to read /etc/shadow on a Linux server an error message appeared: Could not locate resource /etc/shadow. Because of this, they URL encoded everything... Then, it came through!

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed