Local File Inclusion (LFI)

Scripts that take filenames as parameters without sanitizing the user input are typically good candidates for LFI vulnerabilities. For example, a PHP script: foo.php?file=image2.jpg. An attacker would replace image2.jpg with a directory traversal payload: foo.php?file=../../../../../../../etc/passwd, or with a path to other sensitive files.

Command Injection – Tools and methods

Below is a list of common tools and methods to test for command injection.

Commix



SMB

The following could be used to achieve command execution and pop a reverse shell via poorly configured SMB.


SQLMap is a tool that can be used to automate scanning for and exploitation of SQL injection. Below are some examples using SQLMap.

In the example below, the scan is based on login.req, which is the HTTP captured and exported from

SQL Injection – RCE and LFI Methods

Upload PHP Command Injection

The following can be used to get RCE / command execution when the target is vulnerable to SQLi.

Load File via SQLi

The following can be used to read files from the target.


Bypassing Authentication with SQLi

SQL Injection – Authentication Bypass Cheatsheet