Collaborate Disseminate
For Linux, if we want to test local file inclusion we always search for /etc/passwd
For old versions of Windows, (e.g. Windows XP) we search for win.ini
What file should I search for in later versions of Windows that is readable and alway… Continue reading Windows file to look for to test LFI
How can I prevent directory traversal attacks in a bash script, where arguments contain directory names?
Example:
$STAGE=$1
$APP=$2
deploy.sh dist/ /opt/apps/"$STAGE"/"$APP"
The $STAGE and $APP variables are set from o… Continue reading Prevent directory traversal vulnerability in bash script [migrated]
I am working on a project which requires the name of the page as a query parameter ‘path’. The app stores path variable as res.query.path. My manager asked me to pay attention to LFI, so I’m concerned about it. The app is using Express.JS,… Continue reading Local file inclusion in JS app [closed]
I am in the process of looking for a specific keyword on a particularly large website with lots of pages. I’m thinking I’d have better luck if I have a way to see the links within the website. If I want to see all links under a website, f… Continue reading Can DirBuster list all website links or information displayed on a static website?
I am using the Burp Intruder to fuzz for Directory Traversal attack and I saw that one of the req was successful by the length of the response analyzed, but the payload was a huge list and I want to pause the attack halfway. But all I coul… Continue reading Is there a way to pause the Burp Suite Intruder midway in an attack fuzzing?
I am curious as to how bug hunters / pen testers use DirBuster and GoBuster without getting their IPs banned all the time (which is why I am asking)?
I’m working on a flask application which requires some authentication but not on every endpoint.
I use this piece of code to exclude certain endpoints from my authentication handler.
if request.path in NO_AUTH_PATHS or (re.m… Continue reading Circumventing authentication by relative path in flask
I’m developing a software development utility that needs to have the ability to run in any subdirectory (the results apply to the whole project). In particular, if I do:
cd ~/project/submodule/dir/ec/to/ry
utility
…then … Continue reading Is it safe to traverse directories upwards, reading Turing-complete files?
I’m familiar about a tool called DirBuster which allows to enumerate files and directories on a server. Is there any tool which allows to enumerate servers internal (non-public) files and directories, e.g. through some LFI/pa… Continue reading Tools for file system enumeration (LFI/directory traversal exploitation) [on hold]
This is part of a old CTF question which I’ve had trouble solving. I’m not sure what approach to take.
I’m given a single site:
http://user:token@host:port/public/index.php
the flag is in /tmp/flag.txt
Index.php is basica… Continue reading How do I escape webapp root directory in a php website?