exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files

Local File Inclusion (LFI) Testing Techniques
Posted Jan 6, 2017
Authored by Aptive | Site aptive.co.uk

The intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future penetration testing engagements by consolidating research for local file inclusion LFI penetration testing techniques. LFI vulnerabilities are typically discovered during web app penetration testing using the techniques contained within this document. Additionally, some of the techniques mentioned in this paper are also commonly used in CTF style competitions.

tags | paper, web, local, vulnerability, file inclusion
MD5 | e7fdd5e5b7b65b2027f85f7ec55081ff

Related Files

WordPress WooCommerce Direct Download Local File Inclusion
Posted Jan 17, 2017
Authored by Diego Celdran Morell

WordPress Direct Download for WooCommerce versions up to 1.15 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | bb66f3e733500d157bafada42f0d1eba
LFI Image Helper 0.8
Posted Jan 9, 2015
Authored by Doddy Hackman

This is a simple script to infect images with PHP Backdoors for local file inclusion attacks.

tags | tool, local, php, rootkit, file inclusion
systems | unix
MD5 | 3998e803e8bda13df22527ffd0db6359
Xalan-Java 2.7.0 Insufficient Secure Processing
Posted Mar 25, 2014
Authored by Andrea Barisani, Nicolas Gregoire, Open Source CERT

The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing feature for interpretive and XSLCT processors. The intent of this feature is to limit XSLT/XML processing behaviours to "make the XSLT processor behave in a secure fashion". It has been discovered that the secure processing features suffers from several limitations that undermine its purpose. Versions 2.7.0 and above are affected.

tags | advisory, java
advisories | CVE-2014-0107
MD5 | d274ff5f63281d441f0f9514f291ddb7
LFI Exploiter 1.1
Posted Dec 8, 2013
Authored by M.R.S.CO

This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability.

Changes: Various updates.
tags | tool, local, perl, code execution, file inclusion
systems | unix
MD5 | 802e666f4cfa925563246c19740df286
LFI Exploiter
Posted Sep 26, 2012
Authored by M.R.S.CO

This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability.

tags | tool, local, perl, code execution, file inclusion
systems | unix
MD5 | 4a28894995bf7478f9b2b7d5144536dc
LFI Fuzzploit Tool 1.1
Posted Nov 12, 2011
Authored by nullbyt3

LFI Fuzzploit is a simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. Using special encoding and fuzzing techniques, lfi_fuzzploit will scan for some known and some not so known LFI filter bypasses and exploits using some advanced encoding/bypass methods to try to bypass security and achieve its goal which is ultimately, exploiting a local file inclusion.

Changes: A bug in the file descriptor scan function is fixed. A command shell bug is fixed.
tags | tool, local, scanner, php, vulnerability, file inclusion
systems | linux, unix
MD5 | 8adb584643536d79538aa0d7d080800d
LFI Fuzzploit Tool
Posted Oct 29, 2011
Authored by nullbyt3

LFI Fuzzploit is a simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. Using special encoding and fuzzing techniques, lfi_fuzzploit will scan for some known and some not so known LFI filter bypasses and exploits using some advanced encoding/bypass methods to try to bypass security and achieve its goal which is ultimately, exploiting a local file inclusion.

tags | tool, local, scanner, php, vulnerability, file inclusion
systems | linux, unix
MD5 | bcc77a5522b6bab755081cf19d3d18e6
LFI With PHPInfo Assistance
Posted Sep 6, 2011
Authored by Brett Moore | Site insomniasec.com

Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP when combined with the file upload handling feature that is enabled by default.

tags | paper, php, vulnerability, file upload
MD5 | 454c805f04937f25900ebcce27432d3b
LFI Scanner 4.0
Posted Jul 6, 2011
Authored by Bl4ck.Viper

This is a simple perl script called Viper LFI Scanner that enumerates local file inclusion attempts when given a specific target.

Changes: New bypass method added and ability to read /etc/passwd.
tags | tool, local, scanner, perl, file inclusion
systems | unix
MD5 | da840c2308be4ed934ac1c510dd45afe
LFI Scanner 3.0
Posted Jun 16, 2011
Authored by Bl4ck.Viper

This is a simple perl script called Viper LFI Scanner that enumerates local file inclusion attempts when given a specific target.

tags | tool, local, scanner, perl, file inclusion
systems | unix
MD5 | a06d7f5dd9ba30d7884a73d00b0afacf
Simple Local File Inclusion Vulnerability Scanner
Posted Dec 29, 2010
Authored by Valentin Hoebel

This tool helps discover local file inclusion vulnerabilities. It creates a random user agent for the connection, supports nullbytes, supports common Unix systems, and more.

tags | tool, local, scanner, vulnerability, file inclusion
systems | unix
MD5 | bb7120fa3e8cf077e8170499d4f6b06a
LFI Map 1.3
Posted Dec 1, 2010
Authored by Augusto Pereyra | Site code.google.com

LFImap is a python script that tests leverages local file inclusion vulnerabilities to figure out the root of a file system, looks inside of some files and more.

tags | tool, local, root, scanner, vulnerability, python, file inclusion
systems | unix
MD5 | 7903ee2d680f6c07f3940a15a038395b
Simple Local File Inclusion Exploiter 1.0
Posted Nov 22, 2010
Authored by Valentin Hoebel

The Simple Local File Inclusion Exploiter tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities.

tags | tool, local, scanner, vulnerability, file inclusion
systems | unix
MD5 | 712bb09346a5ac665a6e8d46e56f37b6
Local File Inclusion, Step By Step
Posted Oct 28, 2010
Authored by Don Tukulesto | Site indonesiancoder.com

Whitepaper called Local File Inclusion, Step By Step. Written in Indonesian.

tags | paper, local, file inclusion
MD5 | 2a3a57cb9bac73d92b5fda1e88086d7a
Local File Inclusion Whitepaper
Posted Apr 20, 2010
Authored by Fredrik Nordberg Almroth | Site h.ackack.net

This is a short and descriptive guide about various methods for exploiting local file inclusion vulnerabilities.

tags | paper, local, vulnerability, file inclusion
MD5 | 84c0a5f95cd910c921543a779994f496
LFI/RFI Testing With fimap
Posted Sep 4, 2009
Authored by Iman Karim

This paper discuss local and remote file inclusion testing and exploiting using fimap.

tags | paper, remote, local, file inclusion
MD5 | f7dec790733630ffeed3134110800187
Simple Local File Inclusion Checker
Posted Mar 9, 2009
Authored by D4T4X

Simple perl script for checking a variable for local file inclusion.

tags | tool, local, scanner, perl, file inclusion
systems | unix
MD5 | 5095f4f32a15881c9a50e29b7a09bebc
File Inclusion Scanning Utility
Posted Jan 6, 2009
Authored by baltazar | Site darkc0de.com

Local / Remote file inclusion scanner that attempts to make use of a c99 shell on a vulnerable host.

tags | tool, remote, shell, local, scanner, code execution, file inclusion
systems | unix
MD5 | a1530ae1679861ae4a4d3387842eac0e
LFI To RCE Exploit With Perl Script
Posted Dec 9, 2008
Authored by CWH Underground | Site citecclub.org

Local File Inclusion to Remote Code Execution with a perl script.

tags | paper, remote, local, perl, code execution, file inclusion
MD5 | b9da8e8f909bfd06754d49a7925b5a8f
Page 1 of 1
Back1Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close