1 What's Local File Download(LFD)? - Local file download is kind of misconfigured web master or webdeveloper on php application. 2 Effect 2.1 Personal/website - You will able to view all php source code in plain text. - php source code is such as mysql connection data, eg: host, username, password and database 3 vulnerable source code - Example 1 <?php header("Content-type: application/octet-stream"); header("Content-disposition: attachment; filename=".$_GET['tbdsec']); echo file_get_contents($_GET['tbdsec']); ?> - Example 2 <?php $filename = $_GET['hmsec']; header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: application/force-download"); header("Content-Type: application/octet-stream"); header("Content-Type: application/download"); header("Content-Disposition: attachment; filename=".basename($filename).";"); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($filename)); @readfile($filename); exit(0); ?> 4 Proof of Concept - http://localhost/tbdsec.php?hmsec=configuration.php - Download it, and open it. - Walla! you able to all code in that page! 5 Patch code - To admin/webmaster ask your web developer fix it :D 6 Suggestion - Please don't you direct download, at least filter it. 7 Dork? - No DORK For Script Kiddies 8 Thanks/Credits - TDBSecurity(www.tbd.my<http://www.tbd.my>) - HMSecurity(www.hmsecurity.org<http://www.hmsecurity.org>) - Ahli Syurga Crew - XShimeX - Suhz - And Google :DAuthor: Ahlspiess
Local File Download Theory
December 29, 2009
0 Comments
Explore More
What are the various methods of passive OS fingerprinting?
In passive OS fingerprinting, an attacker installs a sniffer on any third party such as a router on which the victim communicates frequently. Now he studies the sniffer’s log and
Preventing ID Theft
Identity theft is the intentional use or theft of a person’s private information to obtain goods or services from another entity. “Private†information is the facts about you that are
Basic Remote File Inclusion
Basic Remote File Inclusion DefinitionRemote file inclusion, commonly known as RFI is a form of attack where the attacker trys to inject there own php code inside your php app’s.