How To Exploit Local File Inclusion Vulnerability
Local File Inclusion
As the title says, this is a “short” and descriptive guide about
various methods to exploit using a local file inclusion (LFI).
I will cover the following topics:
•Poison NULL Bytes
•Log Poisoning
•/proc/self/
•Alternative Log Poisoning
•Malicious image upload
•Injection of code by the use of e-mails
•Creativity
By: Fredrik Nordberg Almroth
URL: http://h.ackack.net/
So the question is. What is a LFI?
A LFI is, as the title says,
a method for servers/scripts to include local files on run-time,
in order to make complex systems of procedure calls.
Well most of the time, you find the LFI vulnerabilities in URL’s
of the web pages.
Mainly because developers tend to like the use of GET requests
when including pages.
Nothing more. Nothing less.
阅读全文…