A brief note up front, to avoid misunderstanding what this article is about.
This article does not describe any serious vulnerability in FCKeditor.
It only describes how LFI can be combined with an upload component such as FCKeditor, whose checks are not especially strict, to probe for weak points.
Some of you will say that LFI can do far more than this. Of course it can, but that is beside the point ~
I am only writing up what I have recently been looking at: which other techniques can be combined with an upload ~
So do not expect too much technical depth from this article :)
Also, in many cases XSS is far more constrained than what I describe here ~
----------------------------------------------------------------------------------------------
I was testing FCKeditor with my framework one evening and something occurred to me.
As long as uploaded files are not re-rendered on the server side (and most upload validation does not go that far), the file itself can carry injected code; at the very least, image uploads are usually allowed, and an image can carry code.
Find the path of the uploaded file (the extension does not matter), and you only need one LFI vulnerability (which is at least easier to come by than RFI) to get a shell directly.
Compare that with XSS plus cookie/session theft, or other combinations of techniques.
Besides, an LFI on its own, with no other file to include, may run into permission restrictions; combined with an upload, however, it becomes a powerful tool.
Isn't that nasty?
To me at least it feels like a breakthrough.
The code below was tested against the latest FCKeditor, version 2.6.6.
Then an LFI is used to get the shell.
From there we can extend the idea further.
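As an added illustration (my own example, not code from the article or from FCKeditor), this is the kind of upload check the article says is usually missing: a magic-byte test alone accepts an image with code appended, while a content scan catches it. The sample bytes are constructed, not real uploads.

```python
import re

# Magic bytes for the image types an upload form typically allows.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Server-side code markers that should never appear inside an image.
SERVER_CODE = re.compile(
    rb"<\?php|<\?=|<script[^>]+language\s*=\s*['\"]?php", re.IGNORECASE
)


def image_type(data: bytes):
    """Return the image type implied by the file's magic bytes, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def contains_server_code(data: bytes) -> bool:
    """True if a PHP open tag appears anywhere in the upload, header or trailer."""
    return SERVER_CODE.search(data) is not None


def validate_upload(data: bytes) -> str:
    """Classify an upload as 'ok', 'not_image' or 'embedded_code'.

    The magic-byte check alone passes a polyglot (valid image header followed by
    code); the content scan rejects it. Re-encoding the image with an image
    library (the "secondary rendering" the article mentions) is the stronger fix.
    """
    if image_type(data) is None:
        return "not_image"
    if contains_server_code(data):
        return "embedded_code"
    return "ok"


# Constructed samples: a minimal GIF header, the same header with a harmless
# PHP comment appended, and a plain text file.
CLEAN_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
POLYGLOT_GIF = CLEAN_GIF + b"<?php /* constructed marker, does nothing */ ?>"
TEXT_FILE = b"hello"

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_GIF), ("polyglot", POLYGLOT_GIF), ("text", TEXT_FILE)]:
        print(name, image_type(blob), validate_upload(blob))
```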
The essence of LFI is code injection.
Wherever a trojan is present, whatever the file type, it can be included without trouble.
That includes HTML.
Since HTML works too, you can imagine a few scenarios.
For the sake of security, some sites with few features and no database render their data content directly into HTML files.
Look for interaction points such as a message board or comment section, for example guestbook.html or comment.html, where you can leave a message or comment.
The message or comment is the trojan, and the LFI includes guestbook.html or comment.html.
No upload is needed at all :)
The idea is getting a little broad: from upload, to code injection, to LFI.
Everyone can imagine the rest ~
By le monde de CasperKid [S.Y. C]