Vote count:
0
Working on a vulnerable application hosted in a VM, and I'm able to successfully identify a LFI vulnerability -- confirmed by accessing several locally hosted files (e.g., /etc/passwd, etc.). However, it seems that 95% of the LFI articles online all work because their user has access to common files such as /proc/self/fd/, /proc//fd/, /proc/self/environ, log files, etc.
If the current page echos back your LFI input, is there a possible way to include the existing page and inject PHP code along with that?
asked 15 secs ago
Aucun commentaire:
Enregistrer un commentaire