From Local File Inclusion to Reverse Shell

What is a file inclusion vulnerability?

How to identify Local File Inclusion (LFI)?

  • /proc/self/environ ; This file contains the variables of the current environment, we will try to manipulate the value of these variables to achieve our nasty goal.
  • /var/log/auth.log; This file contains authorization information logged by various processes .

Getting a Reverse Shell ( Method -1 )

Getting a Reverse Shell ( Method 2 )

Conclusion

  • File inclusion vulnerability occurs when the user can pass the file path in the input
  • To find if the website is vulnerable to LFI always try directory traversal.
  • Try to access different files and see which parameter you can change according to your benefit.
  • I would like to end this blog by quoting ‘The difference between a noob and a hacker is that a hacker has failed more than a noob has ever tried”.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store