Sinisterly
LFD (Local File Disclosure) Exploiting - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: LFD (Local File Disclosure) Exploiting (/Thread-LFD-Local-File-Disclosure-Exploiting)

LFD (Local File Disclosure) Exploiting - kratuspneuma - 12-19-2013

This thecnique is very simple but, a lot of web sites are still opened with this.

It is a vuln than let us to see DB credentials in the source code.

Follow me:

1 - Use a dork like this: "inurl:yoursite+download.asp+pdf+id" to scan your site by the vuln.

2 - Take the result and changes the result with in path file: "id=file.pdf" by this "id=../index.asp", remember, the changes will depends of the technology(ASP.net, ASP, PHP...) envolved on server.

3 - In some seconds you got the index of the ASP site, look in the code and search some like: "Includes/Connect.asp" or similars, down them all

4 - Look at the code and see the server path, database, user and password of them! Simple that!

Ps.: Sorry for my bad english

RE: LFD (Local File Disclosure) Exploiting - Adorapuff - 12-19-2013

Instead of a shitty tutorial, explain why the code is vulnerable and what is going on.

RE: LFD (Local File Disclosure) Exploiting - kratuspneuma - 12-19-2013

(12-19-2013, 05:22 AM)Adorapuff Wrote: Instead of a shitty tutorial, explain why the code is vulnerable and what is going on.

Man,

Not so much to explain, is so simple but, here we go:

1- The developer left the code open to download others files out of the original scope, in this case "download.asp" is vulnerable

2 - We get the index(or another file) with the paths to others that has the credentials to DB, in this case: Includes/connection.asp

3 - With the DB credentials in your hands, you can search for the management site logon users (to defacers), delete tables to (kiddies), upload a shell and creat a backdoor to use as bot, in my case I have access to a .gov web site of my city for own business.. Tongue

RE: LFD (Local File Disclosure) Exploiting - kratuspneuma - 12-29-2013

Thanks packo,

In next tutorials I promess make them more atractives and explain a little bit more about the vuln.

Cheers!!!

RE: LFD (Local File Disclosure) Exploiting - Dismas - 12-29-2013

It is a real shame that some sites are still vulnerable to this sort of thing.

RE: LFD (Local File Disclosure) Exploiting - Taken - 12-30-2013

Step 2 got my dick hanging to the fan.

RE: LFD (Local File Disclosure) Exploiting - kratuspneuma - 01-07-2014

(12-29-2013, 08:23 AM)Oni Wrote: It is a real shame that some sites are still vulnerable to this sort of thing.

Oni,

Really! So much sites, including governamental sites are opened with this simple vuln.

Cheers. Cool