5 ways to Exploit LFi Vulnerability

The main aim of writing this article is to share the idea of making an attack on a web server using various techniques when the server is suffering from file inclusion vulnerability. As we all are aware of LFI vulnerability which allows the user to include a file through URL in the browser. In this article I have used two different platform bWAPP and DVWA which contains file inclusion vulnerability and through which I have performed LFI attack in FOUR different ways.

Basic local file inclusion

Open target IP in the browser and login inside BWAPP as bee: bug now choose the bug remote & local file Inclusion then click on hack.

Here the requested web page which suffering from RFI & LFI Vulnerability gets open. Where you will find a comment to select a language from the given drop down list, and when you click on go button the selected language file get included in URL. To perform basic attacks manipulate

http://192.168.1.101/bWAPP/rlfi.php?language=lang_en.php&action=go into 192.168.1.101/bWAPP/flfi.php?language=/etc/passwd

 In basic LFI attack we can directly read the content of a file from its directories using (../) or simply (/), now if you will notice the given below screenshot you will find that I have access the password file when the above URL is executed in the browser.

Null byte

 In some scenario the above basic local file inclusion attack may not work due to high security level. From below image you can observe now that I got fail to read the password file when executing the same path in URL. So when we face such kind of problem then go for NULL BYTE attack.

Now turn on burp suite to capture the browser request then select proxy tab and start intercept. Do not forget to set browser proxy while making use of burp suite

Now inside burp suite send the intercepted data into repeater.

Inside repeater you can do analysis of sent request and response generated by it. From screenshot it will be clear that /etc/passwd is not working and I am not able to read the password file.