====== Bypassing a web application firewall ======

IP addresses can be shortened by dropping the zeroes. Examples:

  * http://1.0.0.1 → http://1.1
  * http://192.168.0.1 → http://192.168.1

This bypasses WAF filters for SSRF, open redirect, etc., where any IP given as input gets blacklisted.

IPv4 is usually denoted as ... (ff.0.1.2). It can also be denoted as hex (0xff000102) or as a single number in decimal notation. However, 4.2BSD's inet_aton() allowed IPs as decimal .<24bit-decimal> or ..<16bits-decimal>. So the last "1" gets interpreted as decimal notation and is hence actually the two octets 0.1. For the same reason, 1.1.257 gets resolved to 1.1.1.1, as 257 is actually 0x0101.

Source: Twitter /0xInfection/status/1148267196306427904

http://0xC0A80001 or http://3232235521 => 192.168.0.1. Works with ping and others too.

[[https://packages.debian.org/fr/sid/net/sipcalc|sipcalc]] is your friend.
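
Added example (not from the original page or the quoted tweet): a filter-side normalizer that parses the inet_aton() forms described above into a canonical address before the blocklist decision, next to the string comparison they slip past. The function names and the sample list are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One inet_aton() part: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"(0[xX][0-9a-fA-F]+)|(0[0-7]*)|([1-9][0-9]*)")

def parse_inet_aton(text):
    """Return the IPv4Address that BSD-style inet_aton() yields, or None."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for part in parts:
        m = _PART.fullmatch(part)
        if m is None:
            return None
        base = 16 if m.group(1) else 8 if m.group(2) else 10
        nums.append(int(part, base))
    *head, last = nums
    # Leading parts are single octets; the last part fills all remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def naive_blocked(url, blacklist=("192.168.0.1",)):
    """String comparison only: the kind of filter the short forms slip past."""
    return urlsplit(url).hostname in blacklist

def canonical_blocked(url):
    """Normalize first, then decide on the address itself.
    Hostnames that are not IP literals still need a check after DNS resolution."""
    addr = parse_inet_aton(urlsplit(url).hostname or "")
    return addr is not None and (addr.is_private or addr.is_loopback or addr.is_link_local)

# Constructed sample input, using the URLs quoted on this page.
SAMPLES = ["http://1.1", "http://192.168.1", "http://0xC0A80001", "http://3232235521"]

if __name__ == "__main__":
    for url in SAMPLES:
        addr = parse_inet_aton(urlsplit(url).hostname)
        print(url, "->", addr, "naive:", naive_blocked(url), "canonical:", canonical_blocked(url))
```
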