OffSec Blog

“The quieter you become, the more you are able to hear”
Menu Menu
  • Enumeration and Recon
    • Recon Tools
    • OSINT
    • Vulnerability Scanning
    • Windows Enumeration
    • Linux Enumeration
    • SNMP Enum
    • SMB Enum
    • Web Enum
    • CMS Enum
    • Phishing
  • Exploiting Vulnerabilities
    • Buffer Overflow
    • Windows
    • Linux
    • Web
      • Bypassing File Upload Restrictions
      • LFI/RFI
      • SQL Injection
      • XSS
    • Reverse Shell
    • Metasploit Payloads
  • Post Exploitation
    • General
    • Linux
    • Windows
    • Pivoting

Tag: LFI

Local File Inclusion (LFI)

April 16, 2019
 |  No Comments
 |  LFI/RFI, Web Exploiting

Scripts that takes filenames as parameters without sanitizing the user input is typically good candidates for LFI vulnerabilities. For […]

Read More →

SQL Injection – RCE and LFI Methods

February 24, 2019
 |  No Comments
 |  SQL Injection

Upload PHP Command Injection Following can be used to get RCE / Command Execution when target is vulnerable to […]

Read More →

XXE/XML Attack

 |  No Comments
 |  Web Enum

Malicious DTD Following snippet can be used to get Local File Inclusion or Remote Command Execution on vulnerable XML. […]

Read More →

Category

  • Enumeration and Recon
    • Bug Bounties
    • CMS Enum
    • Linux Enumeration
    • Network Mapping
    • Recon Tools
    • SMB Enum
    • SNMP Enum
    • Vulnerability Scanning
    • Web Enum
    • Windows Enumeration
  • Exploiting Vulnerabilities
    • Metasploit Payloads
    • Reverse Shell
    • Web Exploiting
      • Bypassing File Upload Restrictions
      • LFI/RFI
      • SQL Injection
      • XSS
    • Windows
  • Post Exploitation
    • General
    • Linux
    • Pivoting
    • Windows
  • Uncategorized

Archives

  • July 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019

Meta

  • Log in
ClOSE SIDEBAR
OPEN SIDEBAR
Full Page