{
"status": "assigned",
"changetime": "2013-06-17T15:44:46",
"description": "A vulnerability was found in the way as the URI are validated. The plugin check the configuration rules against possible encoded URIs.\n\n\nPoC\n---\n\nConfiguration sample:\n[RULES]\n Deny_URL /test/\n\nTo bypass such rule, we just need to make a request like:\n http://yourhost/%2ftest/\n",
"reporter": "felipensp",
"cc": "",
"resolution": "",
"_ts": "1371483886187070",
"component": "Security Plugin",
"summary": "Bypass protected directory by Monkey HTTPD - Mandril security plugin",
"priority": "major",
"keywords": "",
"version": "",
"time": "2013-06-14T17:17:38",
"milestone": "",
"owner": "edsiper",
"type": "defect"
}
A vulnerability was found in the way the URIs are validated. The plugin checks the configuration rules against possible encoded URIs.

PoC
---

Configuration sample:

    [RULES]
        Deny_URL /test/

To bypass such a rule, we just need to make a request like:

    http://yourhost/%2ftest/
Migrated from http://bugs.monkey-project.com/ticket/186
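
The mismatch reported above, as an added example that is not Monkey or Mandril code: the same `Deny_URL /test/` rule checked against the raw request path and against the percent-decoded path. The function names, the substring match and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                              /* fold 'A'-'F' onto 'a'-'f' */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode %XX escapes once. Returns 0, or -1 on a malformed escape,
 * an encoded NUL, or output that does not fit in cap bytes. */
static int percent_decode(const char *in, char *out, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        char c = in[i];
        if (c == '%') {
            int hi = hex_val(in[i + 1]);
            int lo = hi < 0 ? -1 : hex_val(in[i + 2]);
            if (lo < 0 || (hi == 0 && lo == 0)) return -1;
            c = (char)(hi * 16 + lo);
            i += 2;
        }
        if (o + 1 >= cap) return -1;
        out[o++] = c;
    }
    out[o] = '\0';
    return 0;
}

/* Behaviour in the report (substring match assumed): rule vs. raw path. */
int denied_raw(const char *path, const char *rule) {
    return strstr(path, rule) != NULL;
}

/* Hardened: rule vs. decoded path; input that cannot be decoded is denied. */
int denied_decoded(const char *path, const char *rule) {
    char buf[1024];
    if (percent_decode(path, buf, sizeof buf) != 0) return 1;
    return strstr(buf, rule) != NULL;
}

int main(void) {
    /* Constructed sample paths; the rule is the report's Deny_URL /test/. */
    const char *p[] = { "/test/", "/%2ftest/", "/index.html", "/te%zzst/" };
    for (size_t i = 0; i < 4; i++)
        printf("%-12s raw=%d decoded=%d\n", p[i],
               denied_raw(p[i], "/test/"), denied_decoded(p[i], "/test/"));
    return 0;
}
```

The rule check only holds if it sees the path in the same decoded form the server later uses to locate the file, so the decode step here has to match the server's own.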