LFI Local File Inclusion hack
So, let's say we wrote ourselves a little shell script to check for host vulnerable to LFI from something like the wordpress module wp-config.php
or something similiar.
Once we have a vulnerable host, we can now do things like adding this to
end of the module path
wp-config.php?file=../../../../../etc/passwd to see all the user
On 2021-03-20 22:27, gh0stanon wrote:
LFI Local File Inclusion hack
So, let's say we wrote ourselves a little shell script to check for host
vulnerable to LFI from something like the wordpress module wp-config.php
or something similiar.
Once we have a vulnerable host, we can now do things like adding this to
end of the module path
wp-config.php?file=../../../../../etc/passwd to see all the user
nearly every web server I know of won't allow you to access the file
system by use of '../'
On 2021-03-20 22:27, gh0stanon wrote:
LFI Local File Inclusion hack
So, let's say we wrote ourselves a little shell script to check for host
vulnerable to LFI from something like the wordpress module wp-config.php
or something similiar.
Once we have a vulnerable host, we can now do things like adding this to
end of the module path
wp-config.php?file=../../../../../etc/passwd to see all the user
nearly every web server I know of won't allow you to access the file
system by use of '../'
On 2021-03-22, Big Bad Bob <BigBadBob-at-mrp3-dot-com@testing.local> wrote:
On 2021-03-20 22:27, gh0stanon wrote:
LFI Local File Inclusion hack
So, let's say we wrote ourselves a little shell script to check for host >>> vulnerable to LFI from something like the wordpress module wp-config.php >>> or something similiar.
Once we have a vulnerable host, we can now do things like adding this to >>> end of the module path
wp-config.php?file=../../../../../etc/passwd to see all the user
nearly every web server I know of won't allow you to access the file
system by use of '../'
with LFI enabled you can. LFI could not work without being able to
Hope that helps
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (2 / 14) |
Uptime: | 43:24:23 |
Calls: | 6,648 |
Files: | 12,193 |
Messages: | 5,329,636 |