2.Basic-bypasses

Key Takeaways:

  • Non-Recursive Path Traversal Filters:

    • Exploiting filters that only replace ../ once.

    • Bypasses: ....//, ..././, ....\/.

    • Highlights the importance of recursive filtering.

  • Encoding:

    • Bypassing filters that block specific characters (., /).

    • Techniques: URL encoding (%2e%2e%2f), double encoding.

    • Emphasizes the need for proper input decoding.

  • Approved Paths:

    • Bypassing filters that restrict file inclusion to specific directories.

    • Technique: Starting the payload with the approved path and then using path traversal.

    • Shows how to combine bypass techniques.

  • Appended Extension:

    • Addressing web applications that append extensions (e.g., .php).

    • Path Truncation (Obsolete):

      • Exploiting length limitations in older PHP versions.

      • Technique: Creating long strings to truncate the appended extension.

      • Important to note that this is mostly historical information.

    • Null Bytes (Obsolete):

      • Exploiting null byte injection vulnerabilities in older PHP versions.

      • Technique: Appending %00 to truncate the appended extension.

      • Like path truncation, this is mostly historical information.

Additional Considerations:

  • Real-World Scenarios:

    • In real-world scenarios, web applications often combine multiple filters and protections.

    • Attackers need to be creative and combine different bypass techniques.

  • Regular Expression Complexity:

    • Complex regular expressions can sometimes introduce new vulnerabilities.

    • Attackers may try to find edge cases or unexpected behavior in the regex.

  • WAF (Web Application Firewall) Bypasses:

    • WAFs can also block LFI attacks.

    • Attackers may use encoding, obfuscation, or other techniques to bypass WAF rules.

  • Modern PHP Security:

    • Modern PHP versions have significantly improved security against LFI vulnerabilities.

    • Developers should still follow best practices for input validation and sanitization.

  • Defense in Depth:

    • Implementing multiple layers of security is crucial.

    • This includes input validation, access controls, and regular security audits.

  • Testing:

    • It is very important to test all user-supplied input. Fuzzing tools can be very useful for this.

  • Least Privilege:

    • File system permissions should follow the principle of least privilege. The web server should only have access to the files it absolutely needs.

Code Examples

Non-Recursive Path Traversal Bypass

### Using traversal bypass techniques
curl "http://example.com/?file=....//etc/passwd"

Encoding Bypass

### Using URL encoding to bypass restrictions
curl "http://example.com/?file=%2e%2e%2fetc/passwd"

PHP Wrappers for LFI

### Using PHP filter wrapper to read source code
curl "http://example.com/?file=php://filter/convert.base64-encode/resource=index.php"
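To show the defensive point behind the Key Takeaways and the curl examples above, here is an added Python example (not part of the original notes) that reproduces the single-pass "../" filter and the approved-path prefix check, and places a hardened resolver beside them that decodes fully, refuses null bytes, canonicalises, and proves the result stays inside the allowed directory. APPROVED_DIR, the "./languages/" prefix and the function names are assumptions made for the demo.

```python
import os
from urllib.parse import unquote

# Constructed layout for the demo: language files are expected under this
# directory (an assumption, not a path taken from the notes).
APPROVED_DIR = "/var/www/html/languages"


def naive_filter(user_input: str) -> str:
    """Non-recursive filter from the notes: strips '../' in a single pass.
    Leftover characters re-form the sequence, e.g. '....//' -> '../'."""
    return user_input.replace("../", "")


def naive_prefix_check(user_input: str) -> bool:
    """'Approved path' filter: only verifies that the value starts with the
    allowed directory, so traversal placed after the prefix is not caught."""
    return user_input.startswith("./languages/")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing, so double-encoded input
    (%252e%252e%252f) is seen as the '../' it really is."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def safe_include_path(user_input: str, approved_dir: str = APPROVED_DIR):
    """Hardened check: decode, refuse null bytes, canonicalise, then prove the
    result lies inside approved_dir. Returns the path to include, or None.
    Nothing is stripped, so '....//' merely names a directory called '....'."""
    decoded = decode_fully(user_input)
    if "\x00" in decoded:  # null-byte truncation tricks
        return None
    base = os.path.realpath(approved_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath is a true containment test; a plain startswith() would also
    # accept a sibling directory such as '/var/www/html/languages_old'.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate
```

Running the naive filter over "....//etc/passwd" yields "../etc/passwd", while the hardened resolver returns None for the traversal, encoded, double-encoded, approved-prefix and null-byte variants alike.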
