FIle Inclusion

A place where newbies can post without (much) fear of reprisal. All mission posts should still go in the applicable forum.
Forum rules
Older HTS users: Be nice to the new people.

NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.

FIle Inclusion

Post by aumatclo on Sun May 27, 2018 5:51 pm
([msg=95756]see FIle Inclusion[/msg])

Hi there,
Following my previous post, I didn't get any andswer so I decided to go further and spend some hours looking for an answer online.
I didn't find anything either...
Except after analyzing an interesting page, where I can do a file inclusion !!
The file inclusion is doable with a post request but I faced a new problem :

I can access the content (the list of what is inside the /etc/ directory) with /../../../../../../../../../../etc/ and I can see that shadow, passwd and many others files are inside (ask if you want a complete list) but when I try to open it with /../../../../../../../../../../etc/passwd (for example) I received a blank page.
I tried every encode possible (%2500 %00 and so on) and impossible to display the content of the file.

Is there any file inclusion amateurs here ?
Maybe to give me a small hand

Cheers
aumatclo
New User
New User
 
Posts: 2
Joined: Thu May 24, 2018 9:27 am
Blog: View Blog (0)


Return to NZone

Who is online

Users browsing this forum: No registered users and 0 guests