php LFI to read the php file source code as well as directly post webshell-vulnerability warning-the black bar safety net

ID MYHACK58:62201339062
Type myhack58
Reporter CasperKid
Modified 2013-06-03T00:00:00


Recently in the busy defcon topic training where a set of topics where there is a foreigner to write it is mentioned in the LFI, another tips

The original text please refer to the <>

PS: the skill is not a new technology bull God has certainly been with got bored, so when passing on the line =_,=~

I waited for the side dishes just as their own knowledge of the Supplement to silently squatting in the corner ing~)

Assume that follows a scene









(1) <http://vulnerable/fileincl/example1.php?page=intro.php>the php file contains a LFI vulnerability)

(2) but you don't have anywhere to upload your webshell code

(3) The LFI can only be read to a non-php file's source code because cannot resolve execution can only get your ass kicked.)

(4) If you can read to config. php class files may be directly to the database account remote intrusion into

Now the problem is] LFI how to read the php files source code?


So to everyone do a presentation if I normal use the LFI to read/sqli/db. the php file is unable to read its source code it will be treated as php files to be executed





[1] [2] next