Local File Inclusion – Page 2

Does Windows Server ship with any sensitive images in the filesystem?

Posted on July 27, 2021 by Daniel

I’m working with an interesting vulnerability I found which enables local file inclusion (LFI) on a target server. In summary, there is a PDF generation API endpoint which accepts an HTML string as input. In return, it will render the HTML… Continue reading Does Windows Server ship with any sensitive images in the filesystem?→

How does Local File Inclusion (LFI) work?

Posted on June 3, 2021 by CBCH

In the past few days, I have created my own webserver to serve as my sandbox for learning pen-testing. I saw this blog (https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1) and wanted to attempt something s… Continue reading How does Local File Inclusion (LFI) work?→

Bypass Local File Inclusion(LFI) prevention filters

Posted on April 23, 2021 by Mike Anast

I have these two LFI filters and i want to bypass them
$bad = str_replace(‘../’,”,$_GET[‘bad’]);
while( substr_count($bad, ‘../’, 0)) {
$bad = str_replace(‘../’, ”, $bad);
};
include("./&q… Continue reading Bypass Local File Inclusion(LFI) prevention filters→

How can I read local files from blind XSS?

Posted on December 30, 2020 by eyal

When I do one of these payloads, I can see /etc/passwd:
<iframe src=file:///etc/passwd></iframe>
<img src="xasdasdasd" onerror="document.write(‘<iframe src=file:///etc/passwd></iframe>’)"/>… Continue reading How can I read local files from blind XSS?→

Log poisoning prevention in the context of LFI

Posted on November 11, 2020 by cyzczy

Back in the day, mostly, such injections were taking place over the
server log files. Such files are the Apache error log, the Access log
and more. Techniques like these have been used for years and,
hopefully, they won’t work on updated … Continue reading Log poisoning prevention in the context of LFI→

LFI filter bypass

Posted on October 28, 2020 by David

$patterns[0] = ‘/[^[:print:]]+/’; // remove non-printable characters
$patterns[1] = ‘/[ \t]+$/’; // remove whitespace at end of string
$patterns[2] = ‘/^[ \t]+/’; // remove whitespace at beginning of string
$patterns[4] =… Continue reading LFI filter bypass→

Path traversal limited

Posted on September 23, 2020 by Mosa Salman

I trying to pentest website. I know that there are files named "file1" and "file2". The server is nginx.
So I did this test:

http://example.com/file1..%2ffile2 => 404

http://example.com/file1..%2f..%2ffile2 => 2… Continue reading Path traversal limited→

ASP Web Directories after getting LFI?

Posted on September 3, 2020 by Syed Umer Qadri

If we get LFI in ASP.NET Web server then how to enumerate web.config & common Web Server-Side Files?

Continue reading ASP Web Directories after getting LFI?→

DVWA – Converting Local File Inclusion to Remote Code Exploitation

Posted on August 20, 2020 by 7_R3X

I’m reading this blog and it says:

If the /proc/self/environ file can be accessed through LFI, then in this case “RCE” can be achieved by requesting the file in combination with the payload written into the HTTP User-Agent field.

Then, i… Continue reading DVWA – Converting Local File Inclusion to Remote Code Exploitation→

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat

Posted on February 28, 2020 by Swati Khandelwal

If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.

Yes, that’s possible because all versions (9.x/8.x/7.x/6… Continue reading GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat→