Penetration Testing mailing list archives

how to extend LFI with image


From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Fri, 7 May 2010 21:45:24 +0800

Hi gurus

During this pentest, I found a PHP file that is vulnerable to LFI.
But this file does not show page contents; it reads the image from
local disk and outputs the original image blended with
the site watermark. It uses PHP GD functions to do this.
I get an error like:

<b>Warning</b>:  getimagesize(images/nonexist) [<a
href='function.getimagesize'>function.getimagesize</a>]: failed to
open stream: No such file or directory in
<b>/var/www/client/photo.php</b> on line <b>12</b><br />
ÿØÿà >CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
........... binary strings .............


How can I exploit it to read other non-image local files like
.htaccess to prove the impact of this vulnerability?
Thanks!
