This tutorial will guide you through the process of exploiting a website through LFI (Local File Inclusion).
First, let's take a look at PHP code that is vulnerable to LFI:
PHP Code:
Now that you have a list of potential sites that may have a forum or something else that allows you to upload your image, all you need to do is take some time to browse through them until you find one!
After you have found one and uploaded your image, here is the tricky part: you'll need to "create" an error on it (in order to find the server path to it)! Try, for example, to create a MySQL error and you will get something like this:
Quote: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/sitefolder/public_html/includes/view.php on line 37

If you can't force an error, go back to the /etc/passwd file:

Quote: username:kbeMVnZM0oL7I:503:100:FullName:/home/username:/bin/sh

As you can see, the username is also the directory name. Most of the time the name is similar to the domain name, but if that is not the case you'll have to try them until you find the one you're looking for!
Go to your avatar image, right-click on it and then choose Properties (write down the path to it); you're now all set up. In your browser type this (again, the number of ../ may vary):

Quote: victim.com/index.php=../../../../../../../../../home/the_other_site_dir/public_html/path_to_your_avatar/avatar.jpg

In other words, it should look like this (using fictitious names):

Quote: victim.com/index.php=../../../../../../../../../home/arcfull/public_html/forum/uploads/avatar.jpg

After you type this, you will see the result of the code inserted in the image!
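An added example, not part of the original tutorial: a Python check a site owner can run over web-server access logs to spot the requests described above, a ../ chain in the request that lands on an uploaded image or on /etc/passwd. The log lines, the `page` parameter name and the IP addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

MEDIA_EXT = (".jpg", ".jpeg", ".png", ".gif")  # upload types that must never be include targets
REQUEST_RE = re.compile(r'^(\S+) .*"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

SAMPLE_LOG = [  # constructed lines, not real traffic; "page" is an assumed parameter name
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [10/Oct/2023:13:58:40 +0000] "GET /index.php?page=..%2F..%2F..%2Fhome%2Farcfull'
    '%2Fpublic_html%2Fforum%2Fuploads%2Favatar.jpg HTTP/1.1" 200 312',
    '198.51.100.4 - - [10/Oct/2023:14:01:11 +0000] "GET /forum/uploads/avatar.jpg HTTP/1.1" 200 20480',
]

def canonical(target, max_rounds=3):
    """Percent-decode until stable and unify separators before matching."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def classify(log_line):
    """Return None for a clean request, else a dict describing the traversal."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    ip, raw_target, status = m.groups()
    target = canonical(raw_target)
    if "../" not in target:
        return None  # a direct fetch of an uploaded image is normal traffic
    # Path the traversal lands on, without any trailing query parameters.
    tail = target.rsplit("../", 1)[1].split("&", 1)[0].lower()
    if tail.endswith(MEDIA_EXT):
        kind = "include-of-uploaded-media"
    elif tail.startswith("etc/"):
        kind = "system-file-read"
    else:
        kind = "traversal"
    return {"ip": ip, "kind": kind, "depth": target.count("../"),
            "served": status == "200", "path": "/" + tail}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [finding for finding in map(classify, lines) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to True on an upload path is the one to chase first: it means the include parameter accepts arbitrary paths and should be restricted to an allowlist of page names.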
SOURCE: PINOY SECURITY
1 Visitor Reactions & Comments:
how to get this /test.php