Have an account?
It looks like you're new here. If you want to get involved, click one of these buttons!
Apply for Membership
Who's Online (0)
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Web Application Security
Doubt regarding Local File Inclusion(PHP Knowledge enough)
Let this be the LFI Vulnerable script
<?php<br /> $file = str_replace('../', '', $_GET['file']);
And we pass
http://example.com/index.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd to attack
But how exactly is the file included now? Wont the scipt now be equivalent so that $file = ..%2F..%2F..%2F..%2Fetc%2Fpasswd
Only browser knows 2F = '/' so how can server include the file? HOw does it exactly understands it??
Its a good tutorial, but there should be no breakline within the php tags as this would just error.
Add a Comment