Monday, January 16, 2012

BURP SUITE - Part VII: LFI Exploit via /PROC/SELF/FD

I have previously shown you several methods for which we can exploit LFI vulnerabilities as well as genaral usage of Burp Suite tool set. I have put together a brief video of one last method I wanted to share with you. The methods used all build upon the previous tutorials only the location is new. We will take advantage of the system shortcuts made available by the /prov/self/fd file system. Once located they can be enumerated to locate log files for potential code injection vector. In the video I will show you an example of this method, sit back and enjoy....

VIDEO:


HR's BURP SUITE PACK - DOWNLOAD (NEW LINK):  http://uppit.com/6fj3c4vxi4xk/HR-BURP-PACK_1.23.12.rar

6 comments:

  1. tried this method on 5 servers ... thanks for you your work but not working ...

    ReplyDelete
    Replies
    1. it wont work on all servers and shouldnt work in most cases (as these logs should be protected and with restricted rights to view). However when conditions line up it is a very effective avenue of attack, I assure you. If this method is not working I highly suggest you try some of the other options I have highlighted in my other LFI tutorials. Best of luck to you...

      Delete
  2. the point is cause i tried until last post maybe 20 boxes none worked :) any suggest ? environ and fd not works anything else ?

    ReplyDelete
  3. yeah, try my other tutorials and see if any of those methods work...

    ReplyDelete
  4. can you share burb 1.4 v cuz 1.5 doesnt work on me?

    ReplyDelete
  5. sir please update this pos tthe video you said is not present...

    ReplyDelete