Hello Brett!
LFI is interesting vulnerability (including in PHP web applications) and
there are known many methods of their exploitation. And Gynvael Coldwind
have added one more method.
Both Gynvael's and yours papers are interesting. With your work you showed
that phpinfo scripts are dangerous not just because of Information Leakage
and XSS (in PHP < 4.4.1, 4.4.3-4.4.6), but also as vector of exploitation of
LFI holes (if there are such ones at web site). Good work.
Best wishes & regards,
MustLive
http://soundcloud.com/mustlive
Brett Moore brett.moore at insomniasec.com
Mon Sep 5 21:28:45 EDT 2011
Insomnia Security :: LFI With PHPInfo Assistance
Name: LFI With PHPInfo Assistance
Released: 06 September 2011
Author: Brett Moore, Insomnia Security
Original Link:
http://www.insomniasec.com/releases/whitepapers-presentations
Whitepaper explaining how PHPInfo can be used to assist with the
exploitation of LFI vulnerabilities on PHP when combined with the
file upload handling feature that is enabled by default.
The research in this whitepaper is an extension of the published
work by Gynvael Coldwind in the paper "PHP LFI to arbitratry code
execution via rfc1867 file upload temporary files"
Hello Brett!
LFI is interesting vulnerability (including in PHP web applications) and
there are known many methods of their exploitation. And Gynvael Coldwind
have added one more method.
Both Gynvael's and yours papers are interesting. With your work you showed
that phpinfo scripts are dangerous not just because of Information Leakage
and XSS (in PHP < 4.4.1, 4.4.3-4.4.6), but also as vector of exploitation of
LFI holes (if there are such ones at web site). Good work.
Best wishes & regards,
MustLive
http://soundcloud.com/mustlive
Brett Moore brett.moore at insomniasec.com
Mon Sep 5 21:28:45 EDT 2011
> ___________________________________________________________________
>
> Insomnia Security :: LFI With PHPInfo Assistance
> ___________________________________________________________________
>
> Name: LFI With PHPInfo Assistance
> Released: 06 September 2011
> Author: Brett Moore, Insomnia Security
> Original Link:
> http://www.insomniasec.com/releases/whitepapers-presentations
> ___________________________________________________________________
>
> Whitepaper explaining how PHPInfo can be used to assist with the
> exploitation of LFI vulnerabilities on PHP when combined with the
> file upload handling feature that is enabled by default.
>
> The research in this whitepaper is an extension of the published
> work by Gynvael Coldwind in the paper "PHP LFI to arbitratry code
> execution via rfc1867 file upload temporary files"
> ___________________________________________________________________