Welcome to Ask A Pentester, where you can get your security questions answered by members of the IT Security community!

Spread the word!

Links

LFI exploration files

0 votes
Hi,
i'm studding LFI issue due to a pratical test for a job.
So i'm trying to find key files to inject my commands.
Until now, i can enumerate this:

Files to inject:
- default webserver logs
- default daemons logs if world readable
- environ file at /proc

Files to get helpfull information
- locatedb file (no slocate, no mlocate) to get vhost and more logs
- some proc files

Some one could help me about more key files ? Injectable or not, maybe tricks to get vhost infos (without httpd.conf and localedb, course).

thanks friends.
asked 4 months ago in Web Hacking by rjohnbg (30 points)

1 Answer

0 votes
I'm a big fan of the web fuzzing lists from the Fuzzdb:

http://code.google.com/p/fuzzdb/

http://code.google.com/p/fuzzdb/source/browse/#svn%2Ftrunk%2Fattack-payloads%2Flfi

 

also try this:

 

http://pastie.org/840199
answered 2 months ago by jhaddix (50 points)

Please log in or register to answer this question.

Powered by Question2Answer
Designed by Axiologic SaaS