Questions tagged [lfi]

19 questions
6 votes, 3 answers

Can there be a way to exploit PHP include_once() when the input is filtered?

Let's assume there is this code for including other php files from user input (yes, I know it's a bad choice): $input = addslashes($_GET["input"]); if (strpos($input, '../') === false) { include_once('/path/to/php/files/'.$input); } else {…
user186505
3 votes, 2 answers

How can I read local files from blind XSS?

When I do one of these payloads, I can see /etc/passwd: However this I got blind XSS, so I need to send the iframe…
eyal
2 votes, 2 answers

File inclusion exposed passwords

I am confused about LFI where I have seen many broken web-app demos demonstrate LFI where they traverse to a directory similar to /etc/passwd. How are these passwords being stored exactly? I do not understand why there is a directory for passwords.…
Krellex
2 votes, 0 answers

Does Windows Server ship with any sensitive images in the filesystem?

I'm working with an interesting vulnerability I found which enables local file inclusion (LFI) on a target server. In summary, there is a PDF generation API endpoint which accepts an HTML string as input. In return, it will render the HTML and spit…
2 votes, 4 answers

LFI php://input returning initial argument?

TLDR: Trying to execute commands on site that's got an LFI vuln. So I am making my post request to my vulnerable site and import requests header = { 'User-Agent':'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201', …
2 votes, 2 answers

LFI filter bypass

$patterns[0] = '/[^[:print:]]+/'; // remove non-printable characters $patterns[1] = '/[ \t]+$/'; // remove whitespace at end of string $patterns[2] = '/^[ \t]+/'; // remove whitespace at beginning of string $patterns[4] =…
David
2 votes, 0 answers

Exploiting LFI with prefix in PHP?

I have a scenario as the following: And I'm trying to get RCE from this, or at least acquire some interesting information. I already looked at /etc/passwd and other important files. Are there things I…
Guysudai1
1 vote, 1 answer

What can a lfi without ssh open be used for

If a server has LFI vulnerability, I usually try to find if ssh is open and after some research if I can't find any spilt credentials, I just bruteforce it or something. Can I use a LFI vulnerability for something else useful to exploit the system…
mTvare
1 vote, 2 answers

Attacking through a malicious HTML file apart from XSS through Javascript?

I recently came across a behavior in a web application where the application (through the use of the header Content-Disposition: attachment) offers to download an HTML file instead of allowing it to get parsed by the browser. Interestingly, the GET…
Sreeraj
1 vote, 2 answers

PHP Local File Inclusion from URL; no param

The PHP code has a handleRoute($path) function that is triggered for URLs like server.com/routeme/a. Handle route has the following: if file_exists($path) then include $path. The $path argument is /srv/dirs/routeme/a. A Google search leads to a…
Zackline
1 vote, 2 answers

Local file inclusion to RCE

Here is the code:
Dangu OP
0 votes, 1 answer

Is this really a way to filter LFI?

I'm not sure if this is a valid way to filter LFI, because if you bypass in_array function you can include any file, for example /etc/passwd. Is it possible to bypass in_array function?
0 votes, 0 answers

bruteforce attack inside iFrame

How can I change the value of src parameter inside the iFrame tag with programs like wfuzz or ffuf? For example I have an iFrame on the server like this: iframe.php attack to iFrame

iFrame Attack !!!…

Freeman
0 votes, 2 answers

Bypass Local File Inclusion(LFI) prevention filters

I have these two LFI filters and I want to bypass them $bad = str_replace('../','',$_GET['bad']); while( substr_count($bad, '../', 0)) { $bad = str_replace('../', '', $bad); }; include("./".$bad); I tried…
0 votes, 1 answer

How can you find the PHP version a website is using using LFI?

If a website is vulnerable to Local File Inclusion (LFI), how can you use it to find out the PHP version? Is there any file which says the version of PHP being used. I'm trying to do a PHP sessions LFI to RCE attack, but I don't know where the…
201120