Senin, 08 Agustus 2011

Local File Inclusion

Today I will share you how to upload shell to web server with local file inclusion (LFI)..
first I was tried one web that vulner of  LFI attack then I tried to inject the variable page like this
http://192.168.56.101/mutillidae/index.php?page=.../ and it got an error like this bellow

Warning: include(../) [function.include]: failed to open stream: No such file or directory in /opt/lampp/htdocs/mutillidae/index.php on line 352
Warning: include() [function.include]: Failed opening '../' for inclusion (include_path='.:/opt/lampp/lib/php') in /opt/lampp/htdocs/mutillidae/index.php on line 352

its mean that this web can be exploit .. next job I have to find out location of directory etc/passwd/
the result like this :