-
-
Notifications
You must be signed in to change notification settings - Fork 52
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Warmonger <[email protected]>
- Loading branch information
1 parent
1e121d8
commit 779f79b
Showing
1 changed file
with
39 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,41 @@ | ||
| # Local File Inclusion (LFI) | ||
| * Local File Inclusion (LFI) allows an attacker to include files on a server through the web browser. This vulnerability exists when a web application includes a file without correctly sanitising the input, allowing and attacker to manipulate the input and inject path traversal characters and include other files from the web server. An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting (XSS). Typically, LFI occurs when an application uses the path to a file as input. If the application treats this input as trusted, a local file may be used in the include statement. | ||
| ## Libraries Used | ||
| * Request – This particular library has been used as we need to make HTTP requests in order to check for the LFI vulnerability. | ||
| * sys – This particular library is necessary as it helps by providing various functions and variables to manipulate different parts of the Python Runtime environment | ||
| ## HOW TO RUN THE CODE ## | ||
| * python3 Lfi.py [options] (url) | ||
| ## Goal of the code | ||
| * Scan the target web application for a LFI vulnerability | ||
| ## Logic Utilized | ||
| * Firstly using the if statement we filter out invalid target application inputs. Once we find a valid target we store it in selected_target. | ||
| ### Local File Inclusion Scanner and Exploiter | ||
|
|
||
| **Features** | ||
|
|
||
| 1- Scanner | ||
|
|
||
| 2- Exploiter | ||
|
|
||
| **Exploiter Attack Vectors:** | ||
|
|
||
| 1- /proc/self/environ | ||
|
|
||
| 2- /var/log/auth.log | ||
|
|
||
| 3- Apache Log Poisoning | ||
|
|
||
| 4- php://input | ||
|
|
||
| 5- Php Sessions and Cookies | ||
|
|
||
| 6- Data Wrapper | ||
|
|
||
| 7- SMTP Poisoning | ||
|
|
||
| 8- All attacks in one | ||
|
|
||
|
|
||
| **Installation** | ||
| ``` | ||
| git clone https://github.com/Open_Source_Web-Vulnerability-Scanner-and-Patcher/ | ||
| cd Lfi Scanner | ||
| pip3 install pyfiglet | ||
| pip3 install SimpleTelnetMail | ||
| ``` | ||
| **Usage** | ||
| ``` | ||
| python3 Lfi.py | ||
| ``` | ||
|
|