Does anyone know how to hack dvwa(http://www.dvwa.co.uk) via submitting a form input like ../../../../../etc/passwd to expose the /etc/passwd of a given server?
Is there a endpoint to hit for this?
Thanks
Asked
Active
Viewed 155 times
0
JShee
- 1
-
1https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601 – yeah_well Apr 06 '19 at 10:58
-
Yes I saw this for in the `url` but not via a form field... do you know where to find that – JShee Apr 06 '19 at 12:07
-
You wont find it in DVWA.But you can code it yourself.Simple take the filename via post request instead of GET and in the backend include that file without any validation. – yeah_well Apr 06 '19 at 12:14
-
@VipulNair can you please provide a sample? – Jshee Apr 09 '19 at 12:40
-
sample of what? – yeah_well Apr 09 '19 at 12:42
-
@VipulNair - How to do this: Simple take the filename via post request instead of GET and in the backend include that file without any validation – Jshee Apr 09 '19 at 12:45
-
I dont have the laptop right now.I will write you the code in a few hours – yeah_well Apr 09 '19 at 12:54
-
Wow, thanks @VipulNair - look forward to seeing it. – Jshee Apr 09 '19 at 13:03
1 Answers
1
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$file=$_POST['filename'];
include($file);
}?>
<html>
<title>test</title>
<head>
</head>
<body>
<form method="post" action="index.php">
<p>filename<input type="text" name="filename"><p>
</form>
</body>
</html>
This is usually the vulnerable back end code for Local file inclusion.If you intercept the request and change the filename parameter you can read data from the victim server.This code can also result in remote file inclusion if allow_url_include is turned on.
yeah_well
- 3,699
- 1
- 13
- 30