Questions tagged [local-file-inclusion]

Local File Inclusion (also known as LFI) is a vulnerability that allows an attacker to make a web application include files from the server's local filesystem via requests sent from the web browser. LFI commonly affects web applications that rely on a scripting runtime. It occurs mainly because of inadequate input validation: user-supplied input is passed to file-include functions without being properly validated.

13 questions
3 votes, 2 answers

How can I read local files from blind XSS?

When I do one of these payloads, I can see /etc/passwd. However, this time I got blind XSS, so I need to send the iframe…
Asked by eyal
2 votes, 2 answers

File inclusion exposed passwords

I am confused about LFI where I have seen many broken web-app demos demonstrate LFI where they traverse to a directory similar to /etc/passwd. How are these passwords being stored exactly? I do not understand why there is a directory for passwords.…
Asked by Krellex
2 votes, 0 answers

Does Windows Server ship with any sensitive images in the filesystem?

I'm working with an interesting vulnerability I found which enables local file inclusion (LFI) on a target server. In summary, there is a PDF generation API endpoint which accepts an HTML string as input. In return, it will render the HTML and spit…
2 votes, 2 answers

LFI filter bypass

$patterns[0] = '/[^[:print:]]+/'; // remove non-printable characters $patterns[1] = '/[ \t]+$/'; // remove whitespace at end of string $patterns[2] = '/^[ \t]+/'; // remove whitespace at beginning of string $patterns[4] =…
Asked by David
1 vote, 0 answers

Any Windows/NTFS trick to ignore/cancel out a file extension from a path?

I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call: File.Open("C:\Resources\"+resName+".res", FileMode.Open) The contents of that file is then returned to me.…
0 votes, 1 answer

Is this really a way to filter LFI?

I'm not sure if this is a valid way to filter LFI, because if you bypass the in_array function you can include any file, for example /etc/passwd. Is it possible to bypass the in_array function?
0 votes, 1 answer

PHP 7.4.3 preg_match bypass

I want to filter user input like this: $data = file_get_contents('php://input'); if ($data != null && $data !=='') { $parsedData = json_decode($data, true); } // find quickmodule name $moduleName = $_GET['module']; // validate name if (!…
0 votes, 0 answers

How to bypass LFI filter that only allows letters?

I am trying to bypass this LFI filter for a challenge... I've tried almost all techniques at hand. Changing GET request to POST. Null byte or ? at the end. URL encoding. Double URL encoding. Base64 encoding. PHP wrappers. Even HTTP parameter…
Asked by 4d4143
0 votes, 2 answers

How does Local File Inclusion (LFI) work?

In the past few days, I have created my own webserver to serve as my sandbox for learning pen-testing. I saw this blog (https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1) and wanted to attempt something similar and…
0 votes, 2 answers

Bypass Local File Inclusion(LFI) prevention filters

I have these two LFI filters and I want to bypass them: $bad = str_replace('../','',$_GET['bad']); while( substr_count($bad, '../', 0)) { $bad = str_replace('../', '', $bad); }; include("./".$bad); I tried…
0 votes, 1 answer

Log poisoning prevention in the context of LFI

Back in the day, mostly, such injections were taking place over the server log files. Such files are the Apache error log, the Access log and more. Techniques like these have been used for years and, hopefully, they won’t work on updated systems -…
Asked by cyzczy
0 votes, 2 answers

Path traversal limited

I am trying to pentest a website. I know that there are files named "file1" and "file2". The server is nginx. So I did this test: http://example.com/file1..%2ffile2 => 404 http://example.com/file1..%2f..%2ffile2 => 200, and it showed me file2, so it…
0 votes, 1 answer

DVWA - Converting Local File Inclusion to Remote Code Exploitation

I'm reading this blog and it says: If the /proc/self/environ file can be accessed through LFI, then in this case “RCE” can be achieved by requesting the file in combination with the payload written into the HTTP User-Agent field. Then, it goes on…
Asked by 7_R3X