LFI – Page 2 – WindowsTechs.com

How can I read local files from blind XSS?

Posted on December 30, 2020 by eyal

When I do one of these payloads, I can see /etc/passwd:
<iframe src=file:///etc/passwd></iframe>
<img src="xasdasdasd" onerror="document.write(‘<iframe src=file:///etc/passwd></iframe>’)"/>… Continue reading How can I read local files from blind XSS?→

How can you find the PHP version a website is using using LFI?

Posted on November 19, 2020 by 201120

If a website is vulnerable to Local File Inclusion (LFI), how can you use it to find out the PHP version? Is there any file which says the version of PHP being used. I’m trying to do a PHP sessions LFI to RCE attack, but I don’t know where… Continue reading How can you find the PHP version a website is using using LFI?→

LFI filter bypass

Posted on October 28, 2020 by David

$patterns[0] = ‘/[^[:print:]]+/’; // remove non-printable characters
$patterns[1] = ‘/[ \t]+$/’; // remove whitespace at end of string
$patterns[2] = ‘/^[ \t]+/’; // remove whitespace at beginning of string
$patterns[4] =… Continue reading LFI filter bypass→

Attacking through a malicious HTML file apart from XSS through Javascript?

Posted on June 26, 2020 by Citylight

I recently came across a behavior in a web application where the application (through the use of the header Content-Disposition: attachment) offers to download an HTML file instead of allowing it to get parsed by the browser. Interestingly… Continue reading Attacking through a malicious HTML file apart from XSS through Javascript?→

LFI to RCE through User-Agent

Posted on June 24, 2020 by mat80n2012 cerqueira

I’m doing a pentest on a FreeBSD machine running CuppaCMS. Already managed to login into the CMS with admin privilege, but it only takes me to a manager menu, with some options to change some tables and stuff like that, no RCE visible esca… Continue reading LFI to RCE through User-Agent→

Exploiting LFI with prefix in PHP?

Posted on February 7, 2020 by Guysudai1

I have a scenario as the following:

<?php include(“resource/” + $_GET[‘vuln’]); ?>

And I’m trying to get RCE from this, or atleast acquire some interesting information.

I already looked at /etc/passwd and other important files…. Continue reading Exploiting LFI with prefix in PHP?→

PHP Local File Inclusion from URL; no param

Posted on December 16, 2019 by Zackline

The PHP code has a handleRoute($path) function that is triggered for URLs like server.com/routeme/a. Handle route has the follwing: if file_exists($path) then include $path.

The $path argument is /srv/dirs/routeme/a.

A Go… Continue reading PHP Local File Inclusion from URL; no param→

How to exploit a file upload which is taking multiple files and create a zip file for download?

Posted on September 28, 2019 by Krishna Sharma

How to exploit a file upload which is taking multiple files and create a zip file for download ?

Continue reading How to exploit a file upload which is taking multiple files and create a zip file for download?→

Local file inclusion to RCE

Posted on September 6, 2019 by Dangu OP

Here is the code:

<?php
$file=trim($_GET[‘img_name’]);
//echo $file;

if (file_exists($file)) {
header(‘Content-Description: File Transfer’);
header(‘Content-Type: application/octet-stream’);
header(‘Content-D… Continue reading Local file inclusion to RCE→

Attack Web Forms dvwa to achieve lfi

Posted on April 6, 2019 by Jshee

Does anyone know how to hack dvwa(http://www.dvwa.co.uk) via submitting a form input like ../../../../../etc/passwd to expose the /etc/passwd of a given server?

Is there a endpoint to hit for this?

Thanks

Continue reading Attack Web Forms dvwa to achieve lfi→