Sunday, 27 September 2020

How to test and exploit LFI vulnerabilities

I am looking to remove false positives while testing LFI vulnerabilities using automatic scanners like LFISuite. Any tools and tips that we can use to test for LFI vulnerabilities in endpoints like:

https://example.com/profile?p=FUZZ

https://example.com/index.html?file=FUZZ

Methodology I use

  1. First, try to find endpoints that can have potential LFI vulnerabilities using tools like assetfinder and gf-patterns.
  2. Second, then using LFI scanners like LFISuite or Burp Intruder to check for HTTP response code 200 when file is replaced with /etc/passwd or similar payloads.
  3. But even if the HTTP response is 200, the result is often some code getting exposed rather than the contents of root directory that can be exploited to get shell or reverse shell.

Looking for some method or tool different from above to try to find LFI vulnerabilities. Any pointers in terms of PDFs, URLs, YouTube videos will be of great help.

Thanks
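An added example, not part of the original post: a triage helper for steps 2 and 3 of the methodology above, which classifies a scanner hit by what the response body contains instead of by the 200 status alone. The function names, result categories and sample responses are constructed for illustration.

```python
import re

# One passwd record embedded anywhere in a page:
# name:password:UID:GID:GECOS:home:shell (home and shell are absolute paths).
PASSWD_RE = re.compile(
    r"(?<![\w:/])([a-z_][a-z0-9_.-]*):[^:\s]*:(\d+):\d+:[^:\n<]*:/[^:\s<]*:/[^:\s<]*"
)
# Markers suggesting the server returned source code, not the requested file.
SOURCE_MARKERS = ("<?php", "<?=", "<%@", "include(", "require_once")

def passwd_records(body):
    """Return (record, name, uid) for every passwd-shaped record in body."""
    return [(m.group(0), m.group(1), m.group(2)) for m in PASSWD_RE.finditer(body)]

def triage(status, body, baseline_body):
    """Classify one scanner hit for a request that asked for /etc/passwd.

    baseline_body is the response of the same endpoint to a harmless
    parameter value; anything it already shows is not evidence of a read.
    """
    if status != 200:
        return "no-finding"
    known = {rec for rec, _, _ in passwd_records(baseline_body)}
    new = [r for r in passwd_records(body) if r[0] not in known]
    has_root = any(name == "root" and uid == "0" for _, name, uid in new)
    if has_root and len(new) >= 3:
        return "confirmed-file-read"
    if any(m in body and m not in baseline_body for m in SOURCE_MARKERS):
        return "source-disclosure"
    if body.strip() == baseline_body.strip():
        return "false-positive-same-as-baseline"
    return "needs-manual-review"

# Constructed sample responses (not captured from any real host).
BASELINE = "<html><body>Page not found</body></html>"
PASSWD_PAGE = ("<html><pre>root:x:0:0:root:/root:/bin/bash\n"
               "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
               "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n</pre></html>")
SOURCE_PAGE = '<?php $page = $_GET["p"]; echo render($page); ?>'

if __name__ == "__main__":
    for label, body in [("passwd", PASSWD_PAGE), ("source", SOURCE_PAGE),
                        ("error", BASELINE)]:
        print(label, "->", triage(200, body, BASELINE))
```

Fetching the baseline once per endpoint and reusing it for every payload keeps soft-404 pages and reflected input out of the confirmed findings.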



