Adding soffensive's windowsblindread file

Swissky
2018-08-03 17:56:29 +02:00
parent 644724396f
commit b20cdde4d9
2 changed files with 221 additions and 2 deletions


@@ -18,7 +18,7 @@ The File Inclusion vulnerability allows an attacker to include a file, usually e
* [LFI to RCE via PHP sessions](#lfi-to-rce-via-php-sessions)
Interesting files to check out :
Linux - Interesting files to check out :
```
/etc/issue
/etc/passwd
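Review bot: The renamed label "Linux - Interesting files to check out :" is punctuated differently from its new Windows counterpart later in this patch, which has no trailing " :" and carries a source note in parentheses. Use one form for both, and consider making them sub-headings so the table of contents above can link to each OS list.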
@@ -38,6 +38,32 @@ Interesting files to check out :
/proc/net/tcp
/proc/net/udp
```
Windows - Interesting files to check out (Extracted from https://github.com/soffensive/windowsblindread)
```
c:/boot.ini
c:/inetpub/logs/logfiles
c:/inetpub/wwwroot/global.asa
c:/inetpub/wwwroot/index.asp
c:/inetpub/wwwroot/web.config
c:/sysprep.inf
c:/sysprep.xml
c:/sysprep/sysprep.inf
c:/sysprep/sysprep.xml
c:/system32/inetsrv/metabase.xml
c:/sysprep.inf
c:/sysprep.xml
c:/sysprep/sysprep.inf
c:/sysprep/sysprep.xml
c:/system volume information/wpsettings.dat
c:/system32/inetsrv/metabase.xml
c:/unattend.txt
c:/unattend.xml
c:/unattended.txt
c:/unattended.xml
```
The following log files are controllable and can be included with an evil payload to achieve a command execution
```
/var/log/apache/access.log
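Review bot: The added Windows list contains duplicate entries: c:/sysprep.inf, c:/sysprep.xml, c:/sysprep/sysprep.inf and c:/sysprep/sysprep.xml each appear twice, as does c:/system32/inetsrv/metabase.xml. Drop the second copies so the list stays sorted and unique. Also, c:/inetpub/logs/logfiles is a directory rather than a file, which does not fit the "files to check out" label, and the c:/system32/... path has no windows/ component, so it is worth checking both against the upstream list before merging. A blank line between the closing fence of the Linux block and the "Windows -" label, and another before "The following log files", would keep the Markdown rendering predictable.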
@@ -210,4 +236,5 @@ login=1&user=admin&pass=password&lang=/../../../../../../../../../var/lib/php5/s
* [Is PHP vulnerable and under what conditions?](http://0x191unauthorized.blogspot.fr/2015/04/is-php-vulnerable-and-under-what.html)
* [Upgrade from LFI to RCE via PHP Sessions](https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/)
* [Local file inclusion tricks](http://devels-playground.blogspot.fr/2007/08/local-file-inclusion-tricks.html)
* [CVV #1: Local File Inclusion - SI9INT](https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a)
* [CVV #1: Local File Inclusion - SI9INT](https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a)
* [Exploiting Blind File Reads / Path Traversal Vulnerabilities on Microsoft Windows Operating Systems - @evisneffos](http://www.soffensive.com/2018/06/exploiting-blind-file-reads-path.html)
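Review bot: The new reference at the end of the list points only to the soffensive.com blog post, while the README text added earlier in this patch credits https://github.com/soffensive/windowsblindread as the source of the Windows list. Add the repository link here as well, or cite the same URL in both places, so the attribution is consistent. The "CVV #1" entry also shows up as both removed and re-added with no visible change; if that is only an end-of-file newline fix it is fine, otherwise it should be left out of this commit.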