Practical strategies for exploiting FILE READ vulnerabilities

1. FILE READ — what’s that?

1.1 File read and LFI/RFI

1.2 Exploitation of file reading… so what exactly?

2. Confirming the vulnerability — TIPS & TRICKS

2.1 Do not get confused by the application

3. Getting to the core

3.1 Linux

find / -type f -size -510c -name "*.gif" 2>/dev/null

3.2 Windows

use auxiliary/server/capture/smb module

3.3 TIPS & TRICKS — remaining techniques

web.xml may contain paths to hidden application endpoints (servlets) in servlet-mapping elements

4. Summary
