Insomnia: Whitepaper - LFI With PHPInfo Assistance



___________________________________________________________________

Insomnia Security :: LFI With PHPInfo Assistance
___________________________________________________________________

Name: LFI With PHPInfo Assistance
Released: 06 September 2011
Author: Brett Moore, Insomnia Security
Original Link:
http://www.insomniasec.com/releases/whitepapers-presentations
___________________________________________________________________

Whitepaper explaining how PHPInfo can be used to assist with the
exploitation of LFI vulnerabilities on PHP when combined with the
file upload handling feature that is enabled by default.

The research in this whitepaper is an extension of the published
work by Gynvael Coldwind in the paper "PHP LFI to arbitratry code
execution via rfc1867 file upload temporary files"
___________________________________________________________________



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------