Local File Inclusion (LFI)

Scripts that takes filenames as parameters without sanitizing the user input is typically good candidates for LFI vulnerabilities. For example, a PHP script : foo.php?file=image2.jpg An attacker would replace image2.jpg with a directory traversel payload: foo.php?file=../../../../../../../etc/passwd Or other sensitive files

Command Injection – Tools and methods

Below is a list of common tools and methods to test for command injection. Commix

wfuzz

curl  

SMB Following could be used to achieve command execution and pop a reverse shell via poorly configured SMB.

SQL Injection – RCE and LFI Methods

Upload PHP Command Injection Following can be used to get RCE / Command Execution when target is vulnerable to SQLi.

Load File via SQLi Following can be used to read files from target.

 

XXE/XML Attack

Malicious DTD Following snippet can be used to get Local File Inclusion or Remote Command Execution on vulnerable XML.