Insomnia: Whitepaper - LFI With PHPInfo Assistance
- From: "Brett Moore" <brett.moore@xxxxxxxxxxxxxxx>
- Date: Tue, 6 Sep 2011 13:27:47 +1200
___________________________________________________________________
Insomnia Security :: LFI With PHPInfo Assistance
___________________________________________________________________
Name: LFI With PHPInfo Assistance
Released: 06 September 2011
Author: Brett Moore, Insomnia Security
Original Link:
http://www.insomniasec.com/releases/whitepapers-presentations
___________________________________________________________________
Whitepaper explaining how PHPInfo can be used to assist with the
exploitation of LFI vulnerabilities on PHP when combined with the
file upload handling feature that is enabled by default.
The research in this whitepaper is an extension of the published
work by Gynvael Coldwind in the paper "PHP LFI to arbitratry code
execution via rfc1867 file upload temporary files"
___________________________________________________________________
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Prev by Date: Should or shouldn't block public ping to a website
- Next by Date: RE: Validating if password is encoded or encrypted
- Previous by thread: Should or shouldn't block public ping to a website
- Next by thread: NetworkMiner 1.1 released on SourceForge!
- Index(es):
