WorstFit: Unveiling Hidden Transformers in Windows ANSI
📌 This is a cross-post from DEVCORE. The research was first published at Black Hat Europe 2024. Personally, I would like to thank splitline, the co-author of this research & article, whose help
Through our work, we successfully transformed this feature into several practical attacks, including Path Traversal, Argument Injection, and even RCE, affecting numerous well-known applications! But this time, we’re taking big steps forward – showing how those sneaky Best-Fit conversions can operate on a system-wide level, leading to even more impactful exploits, all unfolding right under your nose. By crafting a URL like /cgi.pl/%E0dmin, an attacker can bypass the Nginx rule: the server interprets it as a different path, but Perl’s CGI script retrieves the PATH_INFO environment variable with the ANSI API and processes it as /admin after the Best-Fit conversion.