In this post, We used the vulnerable web application Mutillidae to demonstrate local file inclusion vulnerability.
In the scenario, we notice the URL:
http://localhost/mutillidae/index.php?page=arbitrary-file-inclusion.php
The parameter page points to a php file. If there is no input validation that checks the user
input to the page parameter, then the user will be able to change the value ( in this case it is
arbitrary-file-inclusion.php) to any desired value. This raises the possibility of exposing
sensitive files on the target machine such as (/etc/passwd).
Lets take an example and try to reveal the content of /etc/resolv.conf. This file shows the
DNS configuration.
Lets take an example and try to reveal the content of /etc/resolv.conf. This file shows the
DNS configuration.
Payload
http://localhost/mutillidae/index.php?page=/etc/resolv.conf
Once local file inclusion is confirmed, we can reveal more sensitive files such as /etc/passwd
and /etc/shadows. We can copy the hashes and usernames in a file for later cracking offline.
Payload
http://localhost/mutillidae/index.php?page=/etc/passwd
http://localhost/mutillidae/index.php?page=/etc/shadow
