Collaborate Disseminate
I am performing White Box testing on Rails application with static code analyzing tools like brakeman, I came across an instance where the developer is loading images using file.open.
file = File.open(“#{Rails.root}/app/asse… Continue reading Rails File.open(#{Rails.root}) is vulnerable to LFI?
I developed an application using CodeIgniter and used some libraries from the composer.
So my Vendor directory was in the root directory of this application.
And attacker attacked phpunit/scr/php/util/ directory and injected… Continue reading Codeigniter Site hacked
I am curious what kind of sensitive files should I look for on a Windows server which is vulnerable to LFI compared to Linux?
I mean the first file or common files which a pentester or an unauthorized user will go for?
I a… Continue reading Local File Inclusion [ Post-Exploitation ]
I am currently trying to build an example of a host vulnerable to Remote File Inclusion vulnerabilities. I have a docker application which hosts 3 vulnerable websites, and in order to access them I have my hosts file set up a… Continue reading Metasploit Exploitation with Virtual Hosts (PHP_Include Exploit)
In recent black-box pen-test of a webapp hosted on CentOS, I found a vulnerability that allowed me to grab contents of files (kind of file inclusion) located within the home path of Tomcat.
In classic scenario, I tried to read /etc/passw… Continue reading Tomcat application arbitrary file read exploitation
I wonder how to patch the LFI problem in this code? Please suggest a good way to patch this vulnerability.
Is there any difference between those? Can we say that Server Side Request Forgery (SSRF) is a generalization of Remote File Inclusion (RFI) and Local File Inclusion (LFI)?
Continue reading What is the difference between RFI/LFI and SSRF?
I have found a SSRF on my friend’s site.
When I put http://scanme.nmap.org:5555 in an input box, it returns:
Get http://scanme.nmap.org:5555: dial tcp 46.34.32.156:5555: connect: connection refused
How can I read files by… Continue reading Remote SSRF leading to LFI? [closed]
I put a validation in my website that only read the input till the / character
My input:
http://myweb.com/personal/http://www.malicious.com
the web output:
<b>Warning</b>: include(./app/personal/controller/htt… Continue reading How to Bypass File Inclusion Validation that only read input until / character
I’ve been working on local file inclusions lately.
What are the wrappers good for (for example php:// or data://)?
What can I use the wrappers for and what other wrappers are available?
Continue reading LFI what are PHP wrappers good for? [on hold]