Testing for all LFI on OWASP-SKF
Welcome back, my budding hackers. This time we'll black-box test OWASP-SKF and work through its LFI (local file inclusion) labs.
Let's run our OWASP-SKF server for LFI.
We can see that we have a submit button and a drop-down menu as well, so let's check them out.
We click the submit button and inspect the HTML code.
We can see that the server is referring to a file at location text/intro.txt with the file name intro.txt. Let's try directory traversal here and check whether we can exploit the LFI.
We’ll do directory traversal for /etc/passwd
Once we do that let’s use the drop down option for chapter 1
Once we click on the submit button, we have all the content of /etc/passwd.
Let's try to exploit it the way we did before.
We can see that we get the message “try harder”. Okay, let's try harder then. Since our usual method is not working, the server must be filtering our “../”, and that's the reason why we aren't able to exploit it. Let's have a closer look at this photo.
So we'll use “..././” in place of “../”. Let's try this method.
Here we go, we have exploited the LFI.
Let’s try the payload that we used in case-2 here
It says try harder, which means that the server isn't accepting the “../” at all. What can we do now?
Let’s set up our burp proxy and analyze the requests
When we click on the submit button for chapter one, this is the request that we see. We can see the file path here, so let's inject our payload here.
But before sending the request: as I said before, the server isn't accepting “../” at all, so what we can do is encode our payload with URL encoding. We can encode it once, twice, whatever; I have encoded it thrice here. Let's forward this packet.
Here we go
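Why the filtering in the second and third cases fails, and a check that holds, as an added example that is not part of the original post or of the SKF lab code. It assumes the filter is a single-pass removal of "../"; the function names and the temporary text/ directory are hypothetical, and the inputs are constructed from the cases above.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_filter(name):
    # Assumed shape of the filter the post infers: delete "../" in one pass.
    return name.replace("../", "")

def fully_decode(value, max_rounds=5):
    # Conservative: undo stacked URL encoding so validation sees what any
    # later decoding layer would see; give up on absurdly deep nesting.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")

def safe_resolve(base_dir, raw_name):
    # Canonicalise first, then require the result to stay under base_dir.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, fully_decode(raw_name)))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target

def is_allowed(base_dir, raw_name):
    try:
        safe_resolve(base_dir, raw_name)
        return True
    except ValueError:
        return False

def demo():
    # Constructed inputs modelled on the three cases in the post.
    nested = "..././..././etc/passwd"
    encoded = "%25252e%25252e%25252f" * 2 + "etc/passwd"  # "../" encoded thrice
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "text")  # stands in for the lab's text/ dir
        os.mkdir(base)
        return {
            "filter_nested": naive_filter(nested),        # filter rebuilds "../"
            "filter_output_allowed": is_allowed(base, naive_filter(nested)),
            "encoded_unchanged": naive_filter(encoded) == encoded,
            "plain_allowed": is_allowed(base, "../../etc/passwd"),
            "encoded_allowed": is_allowed(base, encoded),
            "intro_allowed": is_allowed(base, "intro.txt"),
        }
```

Because `safe_resolve` strips nothing, the nested input is not reassembled into a traversal: its "..." components are treated as ordinary directory names under the base directory.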
File inclusion vulnerabilities are simple and easy to exploit, and they can actually cause damage. Check out my other blog to learn how you can execute code on the server just by exploiting an LFI vulnerability.