An LFI (Local File Inclusion) vulnerability is where you can put a file name (or part of it) into a URL as a parameter, and the PHP script behind that URL responds by reading the file out to the user.
For example:
A PHP file named "testlfi.php" has content like this:
<?php include($_GET['file']); ?>
When requesting testlfi.php, we can query it like this:
http://localhost/testphp/testlfi.php?file=input.php
This means we pass the "file" parameter with the value "input.php". Therefore, "testlfi.php" executes "include('input.php')" and prints the content of "input.php" to the screen.
The result is now like this:
Unfortunately, LFI comes from using "include", "require", "require_once" or "include_once", which interpret the PHP code inside the included file before displaying its content.
So we cannot see the actual PHP source of the file.
But there is a way to bypass that processing:
use php://filter/convert.base64-encode/resource=input.php
So the full request URL is:
http://localhost/testphp/testlfi.php?file=php://filter/convert.base64-encode/resource=input.php
And the result now becomes:
It is encoded in Base64.
It can easily be decoded with a simple Ruby script, or you can use an online Base64 decoder (Google it).
So we can now see the content of the file like this:
I use irb (interactive-ruby-shell) and use the method "unpack" with "m*" as its argument to get the content of the base64-encrypted value.
As you can see from the picture,
the file "input.php" does not just contain the word "Hello World", but it contains "secret" which is now revealed.
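A hardened version of testlfi.php, added here as an example (it is not code from the original post). It assumes the includable pages live in a "pages" directory next to the script; the names resolve_page, PAGES and about.php are hypothetical.

```php
<?php
// Added example: testlfi.php rewritten so the "file" parameter is only a
// lookup key and never a path or stream wrapper.
declare(strict_types=1);

// Hypothetical allowlist: request key => file name inside the pages directory.
const PAGES = [
    'input' => 'input.php',
    'about' => 'about.php',
];

/**
 * Map a user-supplied key to a file inside $baseDir, or return null.
 */
function resolve_page(string $key, string $baseDir): ?string
{
    // Only exact allowlist keys pass, so "php://filter/...", "../" sequences
    // and absolute paths never reach include.
    if (!array_key_exists($key, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$key]);
    // Defence in depth: the file must exist and resolve to a location under
    // $baseDir (catches symlinks that point somewhere else).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// "?file[]=x" makes $_GET['file'] an array, so check the type first.
$key  = $_GET['file'] ?? '';
$path = is_string($key) ? resolve_page($key, __DIR__ . '/pages') : null;

if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
include $path;
```

With this version, ?file=input still renders the page, while ?file=php://filter/convert.base64-encode/resource=input.php gets a 404 because the value is not an allowlist key.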
The PHP wrapper trick needs php.ini to set allow_url_include = On, "I think",
which is quite hard to find.