Exploiting: LFI
INDEX
Description
Exploitation: LFI
Preventive Measures / Mitigation
Description:
LFI: An LFI attack aims to access files and directories that are stored outside the web-root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and critical system files.
Its severity depends on what information is stolen. A successful LFI attack leads to XSS and RCE. Whenever an application takes a file path as input, an attacker tries to inject a malicious shell to execute their script. This happens because the web application allows submitting input into files or uploading files to the server.
In the above case, if the server is running with high privileges, the attacker is able to get sensitive information from the server. Traversal uses ‘../’ characters; the number of ‘../’ sequences depends on the configuration and location of the target web server on the victim machine.
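The containment check that blocks both the ‘../’ variations and absolute paths described above, as an added Python example that is not part of the original article. The names `resolve_inside_root`, `PathOutsideRoot` and `check_samples` are hypothetical, and the sample inputs are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

class PathOutsideRoot(ValueError):
    """Raised when a requested file resolves outside the web root."""

def resolve_inside_root(web_root: str, requested: str) -> str:
    """Return the canonical path for `requested`, or raise if it leaves web_root."""
    root = os.path.realpath(web_root)
    # Assumption: input arrives percent-encoded; decode once so ..%2f is judged as ../
    name = unquote(requested)
    if "\x00" in name:
        raise PathOutsideRoot("NUL byte in path")
    # os.path.join discards `root` when `name` is absolute, so the containment
    # test below also rejects absolute paths such as /etc/passwd.
    # realpath collapses ../ sequences and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise PathOutsideRoot(f"{requested!r} resolves outside the web root")
    return candidate

def check_samples() -> dict:
    """Run constructed sample inputs against a throwaway web root."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "webroot")
        os.makedirs(os.path.join(root, "pages"))
        with open(os.path.join(root, "pages", "about.html"), "w") as fh:
            fh.write("<h1>about</h1>")
        samples = [                          # constructed inputs
            "pages/about.html",              # legitimate request
            "../../../../etc/passwd",        # dot-dot-slash traversal
            "/etc/passwd",                   # absolute path
            "pages/../../../proc/version",   # traversal after a valid prefix
            "..%2f..%2f..%2fetc%2fshadow",   # percent-encoded variation
        ]
        for sample in samples:
            try:
                resolve_inside_root(root, sample)
                results[sample] = "allowed"
            except PathOutsideRoot:
                results[sample] = "blocked"
    return results

if __name__ == "__main__":
    for sample, verdict in check_samples().items():
        print(f"{verdict:8} {sample}")
```

The comparison is made on the canonical path rather than on the raw string, so filtering for the literal text `../` is not needed and encoded or nested variations are judged by where they actually resolve.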
Some interesting files attackers generally look for (but not limited to):
Linux machine
— /proc/version
— /etc/profile
— /etc/passwd
— /etc/shadow