File Inclusion (FI) is a type of vulnerability most often found on websites. It allows an attacker to include a local file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity.
1.) Open Browser And go to the DVWA web browser page (http://localhost/dvwa/Login.php)
2.) Input Username : admin and Password : password Next Login
3.) Go to the DVWA Security page and change the Script Security setting from high to low.
4.) Go to the File Inclusion page of DVWA and we will get started.
5.) Click the View Source button to see what the File Inclusion Source looks like, this will give us an idea of how this works and what we can do.
Now we can see that there is no filtering of what we include, so lets try some things out.
6.) Change the URL from http://localhost/dvwa/vulnerabilities/fi/?page=include.php to http://localhost/dvwa/vulnerabilities/fi/?page=/etc/passwd and see what happens.
As you can see, we get the contents of the passwd file and a few error messages. We now know the name of every user who can log into the local system, but what about all of the groups that exist?
7.) Again change the URL to http://localhost/dvaw/vulnerabilities/fi/?page=/etc/group and see what happens.
Again, we get the contents of the group file and some error messages. We could view the contents of any file the web server has read access. If this were a truly insecure website, we could also use this to view pages on other websites by changing the URL like we did before but instead pointing to a remote file or webpage.
1.) Open Browser And go to the DVWA web browser page (http://localhost/dvwa/Login.php)
2.) Input Username : admin and Password : password Next Login
3.) Go to the DVWA Security page and change the Script Security setting from high to low.
4.) Go to the File Inclusion page of DVWA and we will get started.
5.) Click the View Source button to see what the File Inclusion Source looks like, this will give us an idea of how this works and what we can do.
Now we can see that there is no filtering of what we include, so lets try some things out.
6.) Change the URL from http://localhost/dvwa/vulnerabilities/fi/?page=include.php to http://localhost/dvwa/vulnerabilities/fi/?page=/etc/passwd and see what happens.
As you can see, we get the contents of the passwd file and a few error messages. We now know the name of every user who can log into the local system, but what about all of the groups that exist?
7.) Again change the URL to http://localhost/dvaw/vulnerabilities/fi/?page=/etc/group and see what happens.
Again, we get the contents of the group file and some error messages. We could view the contents of any file the web server has read access. If this were a truly insecure website, we could also use this to view pages on other websites by changing the URL like we did before but instead pointing to a remote file or webpage.
Tidak ada komentar:
Posting Komentar