From a0bd430087b3cdbd907cc6e0dfba30fc54110713 Mon Sep 17 00:00:00 2001
From: d33tah <d33tah@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 10 Sep 2013 23:42:59 +0000
Subject: [PATCH] Fix path traversal. Dots are escaped by % in Lua, not by \.

---
 ncat/scripts/httpd.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ncat/scripts/httpd.lua b/ncat/scripts/httpd.lua
index 825f85e29..909db1cd9 100644
--- a/ncat/scripts/httpd.lua
+++ b/ncat/scripts/httpd.lua
@@ -315,8 +315,8 @@ first_char = resource:sub(0, 1)
 --(Windows drive names are not welcome too.)
 drive = resource:match("^([a-zA-Z]):")
 if first_char == "." or first_char == "/" or first_char == "\\" or drive
-        or resource:find("/\\.\\./?") or resource:find("\\\\.\\.\\?")
-        or resource:find("/?\\.\\./") or resource:find("\\?\\.\\.\\") then
+        or resource:find("/%.%./?") or resource:find("\\%.%.\\?")
+        or resource:find("/?%.%./") or resource:find("\\?%.%.\\") then
     do_403() --no hidden Unix files or simple directory traversal, sorry!
 end