Nytro

Local File Inclusion Exploitation With Burp


Local file inclusion (LFI) is a vulnerability that allows an attacker to read files stored locally on the server through the web application. This happens because the code of the application does not properly sanitize the input passed to the include() function. So if an application is vulnerable to LFI, an attacker can harvest information about the web server. Below you can see an example of PHP code that is vulnerable to LFI.

[Image: Vulnerable Code to LFI]

In this article we will use Mutillidae as the target application in order to exploit the local file inclusion flaw through Burp Suite. As we can see in the next screenshot, the user can select a file name and view its contents just by pressing the View File button.

[Image: Location of LFI on the Web Application]

So we will try to capture and manipulate the HTTP request with Burp in order to read system files.

[Image: Capturing the HTTP Request]

As we can see from the above request, the web application reads files through the textfile variable. So we will try to modify that variable in order to read a system file like /etc/passwd. To achieve that, we have to step out of the web directory by using directory traversal.

[Image: HTTP Request Modification – /etc/passwd]

We will forward the request, and now we can check the response in the web application, as the next image shows:

[Image: Reading the /etc/passwd]

We have successfully read the contents of the /etc/passwd file. With the same process we can dump other system files as well. Some of the paths that we might want to try are the following:

  • /etc/group
  • /etc/hosts
  • /etc/motd
  • /etc/issue
  • /etc/mysql/my.cnf
  • /proc/self/environ
  • /proc/version
  • /proc/cmdline

[Images: /etc/group contents; /etc/hosts contents; motd; /etc/issue contents; mysql configuration file; /proc/self/environ; /proc/version contents; /proc/cmdline contents]

Conclusion

As we saw, the exploitation of this vulnerability doesn’t require any particular skill, just knowledge of well-known directories for different platforms. An attacker can discover a large amount of information about his target through LFI just by reading files. It is an old vulnerability which is not seen very often in modern web applications.

Source: https://pentestlab.wordpress.com/2012/12/26/local-file-inclusion-exploitation-with-burp/
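
The include() pattern the article describes, next to a hardened form, as an added example that is not code from the original article or from Mutillidae. The textfile parameter name comes from the request discussed above; the function names, the base directory and the demo file are assumptions made for illustration.

```php
<?php
// Vulnerable pattern: the request value reaches include() unchanged, so a
// value containing ../ sequences walks out of the web directory.
function view_file_vulnerable(array $request): void
{
    include $request['textfile'];
}

// Hardened lookup (hypothetical helper): resolve the requested name to a
// canonical path and accept it only if it stays inside one base directory.
function resolve_text_file(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ and symlinks; it returns false if nothing exists there.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the canonical path must start with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Hardened handler: the file is read as data and HTML-escaped, never include()d,
// so its contents are not executed as PHP.
function view_file_hardened(string $baseDir, array $request): string
{
    $path = resolve_text_file($baseDir, (string)($request['textfile'] ?? ''));
    if ($path === null) {
        return 'Invalid file selection';
    }
    return htmlspecialchars(file_get_contents($path), ENT_QUOTES, 'UTF-8');
}

// Constructed demo: a temporary base directory holding one text file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'notes.txt', '<b>hello</b>');

// A name inside the base directory is served (escaped).
echo view_file_hardened($base, ['textfile' => 'notes.txt']), PHP_EOL;
// A traversal value resolves outside the base directory and is rejected.
echo view_file_hardened($base, ['textfile' => '../../../../etc/passwd']), PHP_EOL;
```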
