How Do Hackers Upload Shellcodes Using LFI » TechNoCP


Hi Hackies,

Today I am going to introduce a new topic: LFI (Local File Inclusion).

I will explain what LFI is, how it works, how to secure against it, and more.

LFI is listed as one of the OWASP Top 10 web application vulnerabilities.

<<<<<<<<Now Let's Begin>>>>>>>>>

What is Local File Inclusion (LFI)?

This is a vulnerability commonly found in web applications that rely on a scripting runtime. Local File Inclusion (LFI), or simply File Inclusion, refers to an inclusion attack through which an attacker can trick the web application into including files on the web server by exploiting functionality that dynamically includes local files or scripts.

LFI attacks can expose sensitive information, and in severe cases, they can lead to cross-site scripting (XSS) and remote code execution.

An attacker can use remote code execution to create a web shell on the web server, which can be used for website defacement.

How does Local File Inclusion Work?

Usually, the path of the file that you want to open is sent to a function that can then return the content of the file as a string, print it on the current web page, or include it into the document and parse it as application code in the relevant language.

The following is an example in PHP that is vulnerable to Local File Inclusion (LFI).

      <?php
      // Get the filename from a GET input, e.g. ?file=filename.php
      $file = $_GET['file'];
      // Unsafely include the file: the user-supplied value goes straight into the path
      include('directory/' . $file);

In the above example, an attacker could make the following request to trick the web application into executing a malicious script such as a webshell that the attacker managed to upload to the web server.

Here’s an example of a vulnerable PHP code that could lead to LFI:-

Here, the file uploaded by the attacker will be included and run as the user running the web app. In this way the attacker is able to run any code they want on the web server.

All of this works once the attacker gets access to the website.

Protecting Against LFI Attacks

The simplest way to eliminate LFI vulnerabilities is to avoid dynamically including files based on user input. If this is not possible, the application should maintain a whitelist of files that can be included in order to limit the attacker’s control over what gets included.
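The whitelist approach described above, applied to the vulnerable `include` shown earlier. This is an added example, not code from the original article; `PAGES_DIR`, `ALLOWED_PAGES`, `resolve_page()` and the page file names are hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: includable pages live in ./directory next to this script.
const PAGES_DIR = __DIR__ . '/directory';

// Whitelist: request value => file on disk. Anything not listed is never included.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map an untrusted ?file= value to an absolute path, or null if it is rejected.
 */
function resolve_page(mixed $requested): ?string
{
    // ?file[]=x arrives as an array; only plain strings that are whitelist keys pass.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // Defence in depth: the whitelisted file must also resolve inside PAGES_DIR
    // (catches a symlink or a mistaken entry such as '../config.php').
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['file'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    // json_encode keeps newlines and control characters out of the log line.
    error_log('rejected include request: ' . json_encode($_GET['file'] ?? null));
    exit('Not found');
}
include $page;
```

The user-supplied value is only ever used as a lookup key, so it never becomes part of the path passed to `include`.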

So these are the basics; the advanced tutorial is coming in the future.

I hope you enjoyed the article and that it is helpful for you.


