(02-16-2023, 11:21 AM)MIYAGV Wrote: Payload:
what is LFI?
Local File Inclusion is an attack technique in which attackers trick a web application into either running or exposing files on a web server. LFI attacks can expose sensitive information, and in severe cases, they can lead to cross-site scripting (XSS) and remote code execution.
How it can possibly be leveraged
Proc Environ Injection
The idea is to manipulate the Process Environ file. In a nutshell, when a process is created and has an open file handler, a file descriptor will point to that requested file. If you are not familiar with file descriptors, here is an introduction.
Our main target is to inject the /proc/self/environ file from the HTTP Header: User-Agent. This file hosts the initial environment of the Apache process. Thus, the environmental variable User-Agent is likely to appear there.
If the User-Agent header value is contained in this file, we can send an HTTP request to the page with a malicious User-Agent value. As this is a well-known technique, it is likely that the environ file will be inaccessible. Here is what a similar response to the following request would look like:
Request:
$ curl http://secureapplication.example/index.p...lf/environ
Response:
These methods can possibly be leveraged to RCE in Google.
Thanks man
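Added example, not part of MIYAGV's post or the reply above: the defender's side of the technique quoted there. The first half scans web server access-log lines for include parameters that reach for `/proc/self/environ`, `../` traversal or `/etc/passwd` (including URL-encoded forms); the second half shows how an include helper should resolve a user-supplied page name so that such a value can never escape the pages directory. The log lines, the `page` parameter name and the `/var/www/pages` base directory are constructed for this example.

```python
import os
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the original thread).
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Feb/2023:11:21:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '10.0.0.9 - - [16/Feb/2023:11:22:03 +0000] "GET /index.php?page=../../../../proc/self/environ HTTP/1.1" 200 2048',
    '10.0.0.9 - - [16/Feb/2023:11:22:10 +0000] "GET /index.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024',
    '10.0.0.7 - - [16/Feb/2023:11:23:00 +0000] "GET /index.php?page=contact HTTP/1.1" 200 480',
]

# Patterns that have no business appearing in a page-include parameter:
# directory traversal, the proc filesystem, a classic probe target and NUL bytes.
LFI_PATTERNS = re.compile(r"(\.\./|/proc/|/etc/passwd|\x00)", re.IGNORECASE)

REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def is_lfi_probe(request_path: str) -> bool:
    """True if the request path looks like a local-file-inclusion probe.

    The path is percent-decoded twice so that double-encoded traversal
    sequences (%252e%252e%252f) are caught as well as single-encoded ones.
    """
    decoded = unquote(unquote(request_path))
    return bool(LFI_PATTERNS.search(decoded))


def flag_lfi_requests(log_lines):
    """Return the access-log lines whose request path matches is_lfi_probe."""
    flagged = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        if match and is_lfi_probe(match.group(1)):
            flagged.append(line)
    return flagged


def resolve_include(base_dir: str, requested: str) -> str:
    """Map a user-supplied page name onto a file inside base_dir, or raise.

    Assumes `requested` has already been URL-decoded once by the web stack.
    Rejects NUL bytes before touching the filesystem, canonicalises both
    paths (symlinks included) and refuses anything that leaves base_dir.
    """
    if "\x00" in requested:
        raise ValueError("NUL byte in include name")
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when `requested` is absolute; the
    # commonpath check below catches that case as well as '..' traversal.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("include resolves outside the pages directory")
    if not candidate.endswith(".php"):
        raise ValueError("only .php pages may be included")
    return candidate


def is_safe_include(base_dir: str, requested: str) -> bool:
    """Boolean wrapper around resolve_include for quick checks."""
    try:
        resolve_include(base_dir, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for line in flag_lfi_requests(SAMPLE_LOG):
        print("LFI probe:", line)
    print(resolve_include("/var/www/pages", "about.php"))
```

The detector is a triage aid, not a complete signature set; the structural fix is the resolver, which makes the value of the include parameter irrelevant to what ends up on disk being read.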