Local file inclusion is a vulnerability that allows the assailant to read files that are stored locally through the spider web application.This happens because the code of the application does non properly sanitize the include() function.So if an application is vulnerable to LFI this agency that an assailant tin harvest information almost the spider web server.Below you lot tin encounter an illustration of PHP code that is vulnerable to LFI.
In this article nosotros volition job the mutillidae every bit the target application inwards lodge to exploit the local file inclusion flaw through Burp Suite.As nosotros tin encounter together with from the adjacent screenshot the user tin choose the file elevate together with he tin sentiment the contents of this but yesteryear pressing the sentiment file button.
So what nosotros volition produce is that nosotros volition effort to capture together with manipulate the HTTP asking amongst Burp inwards lodge to read organization files.
As nosotros tin encounter from the inwards a higher house request,the spider web application is reading the files through the textfile variable.So nosotros volition effort to alter that inwards lodge to read a organization directory similar /etc/passwd.In lodge to arrive at that nosotros bring to leave of absence of the spider web directory yesteryear using directory traversal.
We volition frontwards the asking together with forthwith nosotros tin banking concern fit the reply on the spider web application every bit the adjacent icon is showing:
We bring successfully read the contents of the /etc/passwd file.Now amongst the same procedure nosotros tin dump together with other organization files.Some of the paths that nosotros mightiness desire to effort are the following:
Conclusion
As nosotros saw the exploitation of this vulnerability doesn’t involve whatsoever item science but but noesis of well-known directories for unlike platforms.An assailant tin respect a large sum of information for his target through LFI but yesteryear reading files.It is an sometime vulnerability which cannot hold upwards seen rattling oftentimes inwards modern spider web applications.
Vulnerable Code to LFI
In this article nosotros volition job the mutillidae every bit the target application inwards lodge to exploit the local file inclusion flaw through Burp Suite.As nosotros tin encounter together with from the adjacent screenshot the user tin choose the file elevate together with he tin sentiment the contents of this but yesteryear pressing the sentiment file button.
Location of LFI on the Web Application
So what nosotros volition produce is that nosotros volition effort to capture together with manipulate the HTTP asking amongst Burp inwards lodge to read organization files.
Capturing the HTTP Request
As nosotros tin encounter from the inwards a higher house request,the spider web application is reading the files through the textfile variable.So nosotros volition effort to alter that inwards lodge to read a organization directory similar /etc/passwd.In lodge to arrive at that nosotros bring to leave of absence of the spider web directory yesteryear using directory traversal.
HTTP Request Modification – /etc/passwd
We volition frontwards the asking together with forthwith nosotros tin banking concern fit the reply on the spider web application every bit the adjacent icon is showing:
Reading the /etc/passwd
We bring successfully read the contents of the /etc/passwd file.Now amongst the same procedure nosotros tin dump together with other organization files.Some of the paths that nosotros mightiness desire to effort are the following:
- /etc/group
- /etc/hosts
- /etc/motd
- /etc/issue
- /etc/mysql/my.cnf
- /proc/self/environ
- /proc/version
- /proc/cmdline
/etc/group contents
etc/hosts contents
motd
/etc/issue contents
mysql configuration file
/proc/self/environ
/proc/version contents
/proc/cmdline contents
Conclusion
As nosotros saw the exploitation of this vulnerability doesn’t involve whatsoever item science but but noesis of well-known directories for unlike platforms.An assailant tin respect a large sum of information for his target through LFI but yesteryear reading files.It is an sometime vulnerability which cannot hold upwards seen rattling oftentimes inwards modern spider web applications.
