Jawad's Notes

LFI

Local File Inclusion (LFI) allows attackers to include and execute files on a server via a web application. This vulnerability can expose sensitive data or lead to remote code execution.

How LFI Works

  • Results from improper validation of user-supplied input in file inclusion operations.

  • Attackers manipulate parameters to access files on the server, such as using ?page=../../etc/passwd in a URL.

Typical Vulnerable Code Patterns

  • Common in PHP with include() or require() functions.

  • Example of vulnerable PHP code:

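    $file = $_GET['file'];  // attacker-controlled value, used without validation
    include($file);         // includes whatever path the request supplied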

Exploitation Techniques

  • Basic LFI: Direct file referencing, e.g., ?file=../../../../etc/passwd.

  • Null Byte Injection: Using %00 or null byte in older PHP versions to bypass checks.

  • PHP Wrappers: Utilizing PHP streams like php://filter for code execution or file disclosure.

  • Log Poisoning: Injecting code into logs and including the log file to execute code.

Mitigation Strategies

  • Input Validation: Implement whitelisting for acceptable inputs, avoiding dynamic file inclusion.

  • Limit File Access: Restrict accessible files with server-side controls.

  • Update and Patch: Regularly update PHP and server software.

  • Error Handling: Robust error handling to prevent information leakage.
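
One way to apply the input-validation and file-access mitigations above to the vulnerable include, as an added example that is not code from the original notes. It assumes PHP 8; the `pages` directory, the `PAGE_MAP` entries and the `resolve_page()` helper are hypothetical names.

```php
<?php
// Added example: allowlist-based replacement for include($_GET['file']).
// PAGES_DIR, PAGE_MAP and resolve_page() are hypothetical names (assumptions).

const PAGES_DIR = __DIR__ . '/pages';   // directory holding the includable templates

// Public keys mapped to fixed file names; user input only ever selects a key
// and never becomes part of a path.
const PAGE_MAP = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a user-supplied key to an absolute path, or null if it is rejected.
 */
function resolve_page(mixed $key): ?string
{
    // Reject arrays (?file[]=x) and anything that is not an exact allowlist key,
    // which also rejects ../ sequences, null bytes and php:// wrappers.
    if (!is_string($key) || !array_key_exists($key, PAGE_MAP)) {
        return null;
    }

    // Defense in depth: canonicalise both paths (symlinks resolved) and confirm
    // the target still sits inside PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . DIRECTORY_SEPARATOR . PAGE_MAP[$key]);
    if ($base === false || $path === false) {
        return null;
    }
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$path = resolve_page($_GET['file'] ?? 'home');
if ($path === null) {
    http_response_code(404);   // generic response, no path or include error leaked
    exit('Page not found');
}
include $path;
```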

Impact

  • Potential unauthorized access to sensitive files, credential leakage, source code disclosure, and remote code execution capabilities.

We should remember that on Windows, directory structures might differ, and log files are located in application-specific paths.

Resources

https://owasp.org/www-community/attacks/Log_Injection

Last updated 1 year ago