Automated v.0.1.0 LFI – Local File Inclusion Exploit

Automating the exploitation of flaws LFI (Local File Inclusion).The tool uses three methods of operation, injection logs in Apache, Code injection in USERAGENT using / proc / self / environ and finally using the PHP :/ / input, using the last few I see, so I implemented it in the tool.The intent of the program is to identify if any parameter in the URL passed, this vulnerable, according to LFI charged payloads (.. /.. / Etc / passwd .. /.. /.. /.. / Etc / passwd, etc. ..), try to exploit by identifying turning in LFI RCE (I refer code execution), and so could send a shell (CMD) for the vulnerable site.

The attempt to level the CMD on the host, is done by functions (file_get_contents, passthru, system, shell_exec and fopen) always trying to save the directories (now, .. / .. / .. / .. / .. / .. /, img /, imgs /, images / and upload /) that sometimes does not have sufficient permission to save the file in certain directories, so he tries a few patterns, usually image directories have permission to write files.

Well, the program is quite simple enough to put the URL you want to explore, select options, settings arrow YOUR CMD (You must have a CMD as txt upada in some place on the web), and with just one click on the program will attempt to exploit and inject their CMD in the target host.


Download Latest version : (1.2 MB)
Find Other Version |
Read more in here :