tom/darkly
1
0
Fork 0
mirror of https://github.com/tmoron/darkly.git synced 2025-09-27 04:48:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
darkly/LFI
History
RedShip 30b2ba0738 + | Some readme flags
2025-04-08 17:18:25 +02:00
..
flag
+ | Some readme flags
2025-04-08 17:18:25 +02:00
README.md
+ | Some readme flags
2025-04-08 17:18:25 +02:00

README.md

Local File Inclusion to Get the Flag

How We Found It

There was a Local File Inclusion (LFI) vulnerability in the page parameter. By messing with the URL and using a bunch of ../, we can directly go at the root of the machine and manage to access /etc/passwd. The flag was hidden in that file and popped up in an alert when we accessed it with the payload:

http://10.12.248.148/?page=../../../../../../../../../../../../../../../../../../../../etc/passwd`

Utility of It

LFI is actually a serious vulnerability in real-world applications. It can let attackers read sensitive files on the server (like config files, database credentials, or even source code), and sometimes it can be chained with other exploits to get full system access.

How Can We Patch It

Make sure to sanitize user input and avoid directly including files based on URL parameters. Only allow expected, whitelisted files to be loaded.