Hello Brett! LFI is interesting vulnerability (including in PHP web applications) and there are known many methods of their exploitation. And Gynvael Coldwind have added one more method. Both Gynvael's and yours papers are interesting. With your work you showed that phpinfo scripts are dangerous not just because of Information Leakage and XSS (in PHP < 4.4.1, 4.4.3-4.4.6), but also as vector of exploitation of LFI holes (if there are such ones at web site). Good work. Best wishes & regards, MustLive http://soundcloud.com/mustlive Brett Moore brett.moore at insomniasec.com Mon Sep 5 21:28:45 EDT 2011 > ___________________________________________________________________ > > Insomnia Security :: LFI With PHPInfo Assistance > ___________________________________________________________________ > > Name: LFI With PHPInfo Assistance > Released: 06 September 2011 > Author: Brett Moore, Insomnia Security > Original Link: > http://www.insomniasec.com/releases/whitepapers-presentations > ___________________________________________________________________ > > Whitepaper explaining how PHPInfo can be used to assist with the > exploitation of LFI vulnerabilities on PHP when combined with the > file upload handling feature that is enabled by default. > > The research in this whitepaper is an extension of the published > work by Gynvael Coldwind in the paper "PHP LFI to arbitratry code > execution via rfc1867 file upload temporary files" > ___________________________________________________________________