Friday, December 30, 2011

Using CURL to exploit LFI to RCE from command line

I was having fun with cURL and decided to make a short video to show how it can be used for all sorts of things. It is an extremely versatile command-line utility, and if you are a command-line junkie then this is a must-have tool for you (works on all systems). In the video I show how you can make basic connections, store output/responses, how to quickly search a file in Winblows for content, and finally how to exploit an LFI vulnerability from the command line with cURL. These methods can easily be adapted to perform SQL Injections, RFI, XSS, etc. For more details on cURL I highly suggest spending some time reading through their docs and tutorials on the homepage, which can be found here:

If you're interested in learning more about LFI, then please check my previous articles, which covered the /proc/self/environ method as well as the Log File Injection method. Hope you enjoyed this brief video tutorial. Until next year, Enjoy!

