Two common readable files that are available on most back-end servers are /etc/passwd on Linux and C:\Windows\boot.ini on Windows.
IMPORTANT
When a Local File Inclusion (LFI) vulnerability is used to include a PHP file (such as index.php), the web server will generally execute the PHP code in that file, so the attacker receives the rendered output (often HTML) rather than the raw source code.
Path Traversal
The absolute path /etc/passwd will work if the user input is used directly by the application.
However, if the user input is only used as a filename within a directory, we would not get the expected output.
To get around this relative-path restriction, we can use ../
Filename Prefix
When the user input is appended to a filename prefix such as lang_:
If we enter ../etc/passwd, it will be read as lang_../etc/passwd, which will not be found.
We can enter /../etc/passwd in this case.
It will be read as lang_/../etc/passwd, so the prefix is treated as a directory name.
Appended Extensions
If we enter /etc/passwd, it will be rendered as /etc/passwd.php
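The cases above (direct use, directory, filename prefix, appended extension) can be checked side by side with a hardened lookup. This is an added example, not code from the original notes: it is a Python model that normalizes paths lexically with posixpath without touching the filesystem, and WEB_ROOT, LANG_DIR, ALLOWED and all function names are assumptions made for illustration.

```python
import posixpath

WEB_ROOT = "/var/www/html"            # assumed working directory of the script
LANG_DIR = WEB_ROOT + "/languages"    # assumed directory holding language files
ALLOWED = {"en", "es"}                # assumed set of valid language names

# How the user value reaches the path in each case described above.
BUILDERS = {
    "direct":    lambda v: v,                 # value used as the whole path
    "directory": lambda v: "languages/" + v,  # value used as a filename in a directory
    "prefix":    lambda v: "lang_" + v,       # value appended to a filename prefix
    "extension": lambda v: v + ".php",        # extension appended to the value
}

def resolve(kind, value):
    """Lexically resolve the path a construction produces, relative to WEB_ROOT."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, BUILDERS[kind](value)))

def inside(path, base):
    """True if the normalized path is base itself or lies below it."""
    return posixpath.commonpath([path, base]) == base

def safe_language_path(value):
    """Hardened lookup: allowlisted name first, containment check second."""
    if value not in ALLOWED:
        raise ValueError("unknown language: %r" % value)
    path = posixpath.normpath(posixpath.join(LANG_DIR, value + ".php"))
    if not inside(path, LANG_DIR):
        raise ValueError("path leaves the language directory")
    return path

if __name__ == "__main__":
    samples = [  # constructed test cases; the input strings are the ones in these notes
        ("direct", "/etc/passwd"),
        ("directory", "/etc/passwd"),
        ("prefix", "../etc/passwd"),
        ("prefix", "/../etc/passwd"),
        ("extension", "/etc/passwd"),
    ]
    for kind, value in samples:
        path = resolve(kind, value)
        print("%-9s %-16r -> %-40s inside web root: %s"
              % (kind, value, path, inside(path, WEB_ROOT)))
    print("hardened:", safe_language_path("en"))
```

The allowlist rejects every input string from these notes before a path is built; the containment check is a second layer in case the allowlist is later loosened.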