People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
The LFI (local file inclusion) allowed for any file to be easily included from the OS. This was trivially identified by a parameter which had a file name in it.
LFIs leading to RCE are quite common. So, always try to upgrade this!
Common ways to go from LFI to RCE are listed in the article. Here are a few:
Using file upload forms/functions
Using the PHP wrapper expect://command, php://file or php://filter
Using input from log files, mail or other controllable input.
However, none of these worked!
He realized that the session_id and user were being added to the PHP session file (yes, sessions are held in a file called /var/lib/php5/session_[PHPSESSID]). Now, calling this session file with a particular username led to RCE!
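From the defending side, every technique above shows up in the web server's access log as a file-name parameter pointing somewhere it should not. The sketch below is an added example, not code from the article: it flags such requests, and the log format, the `page` parameter and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Indicators taken from the techniques named in the notes above.
RULES = {
    "traversal": re.compile(r"\.\.[/\\]"),
    "php_wrapper": re.compile(r"\b(?:expect|php)://", re.I),
    "session_file": re.compile(r"/var/lib/php\d*/sess", re.I),
    "log_or_mail": re.compile(r"/var/(?:log|mail)/", re.I),
}
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def full_decode(value, rounds=3):
    """Undo nested URL-encoding (%252f -> %2f -> /) so encoded values still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return a sorted list of (parameter, rule) hits for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    hits = set()
    query = urlsplit(m.group(1)).query
    for param, value in parse_qsl(query, keep_blank_values=True):
        value = full_decode(value)
        for name, rx in RULES.items():
            if rx.search(value):
                hits.add((param, name))
    return sorted(hits)

# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1024',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=php://filter/resource=index.php HTTP/1.1" 200 2048',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=/var/lib/php5/session_abc123 HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_line(line), line.split('"')[1])
```

A hit on `session_file` is the one to prioritise here, since an application has no legitimate reason to receive its own session storage path as a request parameter.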