I am looking to remove false positives while testing LFI vulnerabilities using automatic scanners like LFISuite. Any tools and tips that we can use to test for LFI vulnerabilities in endpoints like:
https://example.com/profile?p=FUZZ
https://example.com/index.html?file=FUZZ
Methodology I use
Looking for some method or tool different from the above to try to find LFI vulnerabilities. Any pointers in terms of PDFs, URLs, or YouTube videos will be of great help.
Thanks
I find the best way is using FFUF. I run it for a few seconds, then if I get a lot of useless info back I look at what's common in them. For example, they all might contain 485 words, or a certain number of lines or what have you. I then use the --fw or --fl in those examples I gave to not print out anything that has those values.
A great site to learn more about FFUF's intricacies is: https://codingo.io/tools/ffuf/bounty/2020/09/17/everything-you-need-to-know-about-ffuf.html
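The triage step described in the answer above, as an added example that is not part of the original post: it takes an ffuf JSON report (written with `-o out.json -of json`), finds the word or line count shared by most responses, and returns the rows that differ from it. The sample report, the `suggest_filter` name and the 0.8 threshold are assumptions made for illustration.

```python
import json
from collections import Counter


def _row(word, words, lines, length):
    # Helper for the constructed sample: one entry shaped like ffuf's "results" items.
    return {"input": {"FUZZ": word}, "status": 200,
            "words": words, "lines": lines, "length": length}


# Constructed sample, not real scan data: nine look-alike responses whose byte
# length drifts (the input is echoed back) and one response that differs.
SAMPLE = {"results": [_row(f"w{i}", 485, 120, 9100 + i) for i in range(9)]
          + [_row("w9", 37, 29, 1210)]}

# Constructed sample with no common shape: every response is different.
NOISY = {"results": [_row(f"w{i}", 100 + i, 10 + i, 900 + i) for i in range(5)]}


def suggest_filter(report, min_share=0.8):
    """Return (flag, value, outliers) for the dominant response shape.

    Returns (None, None, results) when no word or line count covers at least
    min_share of the responses, so nothing is hidden on a weak baseline.
    """
    results = report.get("results", [])
    if not results:
        return None, None, []
    best = None  # (flag, field, value, share)
    for flag, field in (("-fw", "words"), ("-fl", "lines")):
        value, count = Counter(r[field] for r in results).most_common(1)[0]
        share = count / len(results)
        if share >= min_share and (best is None or share > best[3]):
            best = (flag, field, value, share)
    if best is None:
        return None, None, results
    flag, field, value, _ = best
    outliers = [r for r in results if r[field] != value]
    return flag, value, outliers


if __name__ == "__main__":
    # For a real report: report = json.load(open("out.json"))
    flag, value, outliers = suggest_filter(SAMPLE)
    print(f"suggested filter: {flag} {value}")
    for r in outliers:
        print("review manually:", json.dumps(r))
```

Word and line counts are used rather than byte length because a page that echoes the parameter back changes size with every request while its word count stays constant.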