Local File Inclusion – WindowsTechs.com

How to prevent absolute path traversal in EasyPHP Webserver 14.1

Posted on February 23, 2024 by luminare

In the EasyPHP Webserver 14.1 software, there is an Absolute Path Traversal vulnerability in the dashboard index.php page.
https://www.exploit-db.com/exploits/51430
I reviewed the source code and tried to look for the vulnerable code but I… Continue reading How to prevent absolute path traversal in EasyPHP Webserver 14.1→

Is this PHP code vulnerable to LFI?

Posted on August 31, 2023 by kokitax

I’m currently learning about LFI attacks.
I have coded a simple example and tried to get the content of secrets.txt with an unsafe input ($_GET[‘extension’]).
I have tried the following payloads with no success:

/../../../private/secrets…. Continue reading Is this PHP code vulnerable to LFI?→

LFI to RCE in java EE Application

Posted on July 22, 2023 by Abu Bakar

I found vulnerable end-points in my university’s old portal. It should not be accessible but I found it somehow.
-> First end-point allows me to upload any kind of file on following path : /home/oracle/Oracle/uploads/candidate/
-> … Continue reading LFI to RCE in java EE Application→

Is this a LFI vulnerability?

Posted on November 21, 2022 by Kiwi501987

I’m playing with uploads, so I’m wondering if this route is safe to use, because if you somehow break off from the md5 function path, then you can control the path (if in TypeScript null byte is a thing).
Note: Snyk denotes this as an LFI … Continue reading Is this a LFI vulnerability?→

Why is this uploaded PHP file being downloaded instead of executed? [closed]

Posted on October 11, 2022 by matter1

I was able to find a bypass to file type restrictions in my firm’s site and uploaded a PHP file. I was unable to elevate it to an RCE or even execute the script that I uploaded.
Details:

Firm’s site is built with PHP (No idea of framework… Continue reading Why is this uploaded PHP file being downloaded instead of executed? [closed]→

Any Windows/NTFS trick to ignore/cancel out a file extension from a path?

Posted on July 3, 2022 by PenetrationTester

I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call:
File.Open("C:\Resources\"+resName+".res", FileMode.Open)

The contents of tha… Continue reading Any Windows/NTFS trick to ignore/cancel out a file extension from a path?→

Is this really a way to filter LFI?

Posted on May 28, 2022 by Kiwi501987

I’m not sure if this is a valid way how to filter LFI, because if you bypass in_array function you can include any file, for example /etc/passwd.
Is it possible to bypass in_array function?
<?php
$file = $_GET[‘file’];
$files = array(&q… Continue reading Is this really a way to filter LFI?→

PHP 7.4.3 preg_match bypass

Posted on May 23, 2022 by The Modern Gamer

I want to filter user input like this:
$data = file_get_contents(‘php://input’);

if ($data != null && $data !==”) {
$parsedData = json_decode($data, true);
}

// find quickmodule name
$moduleName = $_GET[‘module’];

// valida… Continue reading PHP 7.4.3 preg_match bypass→

File inclusion exposed passwords

Posted on March 14, 2022 by Krellex

I am confused about LFI where I have seen many broken web-app demos demonstrate LFI where they traverse to a directory similar to /etc/passwd. How are these passwords being stored exactly? I do not understand why there is a directory for p… Continue reading File inclusion exposed passwords→

How to bypass LFI filter that only allows letters?

Posted on October 21, 2021 by 4d4143

I am trying to bypass this LFI filter for a challenge…
I’ve tried almost all techniques at hand. Changing GET request to POST. Null byte or ? at the end. URL encoding. Double URL encoding. Base64 encoding. PHP wrappers. Even HTTP paramet… Continue reading How to bypass LFI filter that only allows letters?→