Tuesday, September 6, 2011

LFI With PHPInfo Assistance

Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP when combined with the file upload handling feature that is enabled by default.

During assessments it is still common to find LFI vulnerabilities when testing PHP applications. Depending on the server configuration it is often possible to convert these into code execution primitives through known techniques such as;

- /proc/self/environ
- /proc/self/fd/...
- /var/log/...
- /var/lib/php/session/ (PHP Sessions)
- /tmp/ (PHP Sessions)
- php://input wrapper
- php://filter wrapper
- data: wrapper

Download PDF: http://www.insomniasec.com

No comments: