LFI (Local File Inclusion) allows an attacker to expose a file on the target server. With the help of directory traversal (../) we can access files that should not be accessible to a user.
For example,
https://example.com/redirect.php?page=/home/index.html This will return the index.html
https://example.com/redirect.php?page=../../../etc/passwd This will return the passwd file.
It's a serious issue, P1, and could lead to RCE with various methods.
In my case the URL was www.target.com/rd?page=/change/lmtstats.html
So I tried directory traversal in the page parameter. The list of payloads can be found here. It's a huge list, but ../../../etc/passwd works most of the time. The number of times you need to add ../ can be huge, and even if you add maybe 20 ../ the command, i.e. etc/passwd, may be blocked. So it's a bit of trial and error.
In my case I had to add ../ 7 times, but the final command had .html at the end, like so: ../../../../../../../etc/passwd.html
Tried changing the file type to txt, png, etc. No luck.
NullByte - %00
After trying various techniques and encoding, the final payload was
That is the below payload encoded in base64.
..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc..%2Fpasswd..%2F00.txt//.%00
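A server-side check that rejects the requests described in this post, as an added example (not code from the original post or from the target application). The `.html` allow-list, the `is_base64` switch, the function names and the temporary document root are assumptions made for illustration.

```python
import base64
import os
import tempfile
from urllib.parse import unquote

ALLOWED_EXTENSIONS = {".html"}  # assumption: the endpoint only serves HTML pages

class RejectedPath(ValueError):
    """Raised when the page parameter must not be served."""

def resolve_page(base_dir, value, is_base64=False):
    """Map a `page` parameter to a file under base_dir, or raise RejectedPath."""
    if is_base64:  # validate only after every decoding step the app performs
        try:
            value = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError as exc:
            raise RejectedPath("not valid base64") from exc
    for _ in range(5):  # strip nested percent-encoding before any check
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise RejectedPath("too many encoding layers")
    if "\x00" in value:  # a NUL can cut off a suffix the server appends (.html here)
        raise RejectedPath("NUL byte in path")
    base = os.path.realpath(base_dir)
    # Treat the value as relative to the root, then resolve ../ and symlinks.
    target = os.path.realpath(os.path.join(base, value.lstrip("/")))
    if os.path.commonpath([base, target]) != base:
        raise RejectedPath("path escapes the document root")
    if os.path.splitext(target)[1].lower() not in ALLOWED_EXTENSIONS:
        raise RejectedPath("extension not allowed")
    if not os.path.isfile(target):
        raise RejectedPath("no such page")
    return target

def check_samples():
    """Run the check on inputs taken from the post, against a constructed root."""
    post_payload = "..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc..%2Fpasswd..%2F00.txt//.%00"
    samples = ["/change/lmtstats.html", "../../../etc/passwd",
               "../../../../../../../etc/passwd.html", post_payload]
    results = {}
    with tempfile.TemporaryDirectory() as root:  # constructed document root
        os.makedirs(os.path.join(root, "change"))
        open(os.path.join(root, "change", "lmtstats.html"), "w").close()
        for s in samples:
            try:
                resolve_page(root, s)
                results[s] = "served"
            except RejectedPath as exc:
                results[s] = str(exc)
    return results
```

The containment test runs on the fully decoded, resolved path, so the number of `../` segments and the encoding used make no difference to the outcome.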