fuzzdb

mirror of https://github.com/fuzzdb-project/fuzzdb.git synced 2024-09-20 06:01:57 +00:00

History

Adam Muntner 17cedd2a99 Update README.md		2016-08-14 20:35:00 -04:00
..
common-ms-httpd-log-locations.txt	Fix #144	2016-05-25 17:56:24 -06:00
common-unix-httpd-log-locations.txt	Fix #144	2016-05-25 17:56:24 -06:00
JHADDIX_LFI.txt	Fix #144	2016-05-25 17:56:24 -06:00
README.md	Update README.md	2016-08-14 20:35:00 -04:00

README.md

LFI - Local File Include attacks

To exploit an LFI bug, you need to be able to write code to a local file and call it from the include. HTTPD log files are a location that is typically writable.

common-unix-httpd-log-locations.fuzz.txt

To exploit a lfi bug, you have to get code into a local file. This list contains a list of common unix logfile locations based on common packages formats.

common-windows-httpd-log-locations.fuzz.txt

To exploit a lfi bug, you have to get code into a local file. This list contains a list of common windows logfile locations based on common packages formats.

For more details:

http://www.wtfchan.org/~evil1/Web-Shells-rev2.pdf

other tools:

fimap https://tha-imax.de/git/root/fimap