fuzzdb/attack/lfi
A.K 973e5a4f12
added other common paths
bitnami, apache, httpd on different linux flavors
2018-01-20 12:27:25 +01:00
..
common-ms-httpd-log-locations.txt Fix #144 2016-05-25 17:56:24 -06:00
common-unix-httpd-log-locations.txt added other common paths 2018-01-20 12:27:25 +01:00
JHADDIX_LFI.txt Fix #144 2016-05-25 17:56:24 -06:00
README.md Updated link 2016-08-14 20:52:52 -04:00

LFI - Local File Include attacks

To exploit an LFI bug, you need to be able to write code to a local file and call it from the include. HTTPD log files are a location that is typically writable.

common-unix-httpd-log-locations.fuzz.txt

  • To exploit a lfi bug, you have to get code into a local file. This list contains a list of common unix logfile locations based on common packages formats.

common-windows-httpd-log-locations.fuzz.txt

  • To exploit a lfi bug, you have to get code into a local file. This list contains a list of common windows logfile locations based on common packages formats.

JHADDIX_LFI.txt This file contains many common locations you might have write access to. It's not useful to fuzz it as-is, more to extract the applicable parts, create any possible variants, and use a customized list to hunt for including it.

For more details:

other tools: