In this article, you will learn how to take access in any web server through ftp log poisoning if it is suffering from local file inclusion vulnerability.

What is PHP File Inclusion ?

With the help of include function you can include the content of php into another php file before server execute it. There are two important PHP functions.

  • The include() Function
  • The require() Function

What is Local File Inclusion ?

local File Inclusion vulnerability allows an attacker to upload his malicious script on the web server to be execute locally .
If the file inclusion vulnerability is found in the web server so you can perform the following attacks.

  • Remote Code Execution (RCE)
  • Cross-site Scripting (XSS)
  • Denial of Service (DOS)

Requirements :
Kali Linux – Attacker

Lets Start !!

First, You should have to configured apache server on your kali machine and After then create a directory by using following command.

Now, we have to go on that directory by using following commands for create a php file.

Open the lfi.php file in your favorite text editor and paste the code which is given below.

Purposes :
This file allow an user to include a file on web server through a file parameter.

Great ! You can observe when we execute the given url on browser it provide users and accounts details of the web server that means the target web server is effected by local file inclusion vulnerability.

We already have installed ftp server on our kali machine you can see by below given image.

Now, we need to give read and write permission to log file.

After give the permission you can access vsftpd.log file on your browser.

The vsftpd.conf file generates a log for every success and failed login attempt. Now, we try to connect to ftp port with using malicious php code as name which will help to create a fake logs on vsftpd.log file.

When you will check log file by using these command So you will find the malicious php code has been added a new log.

Now, we have command prompt of web server so we can execute any command such as :

If you want to get full control on web server so can use metasploit framework to exploit the web server.

Copy the highlighted text and paste on browser as shown given below.

After execute it, you will get meterpreter of the web server.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher.

Leave a Reply

Your email address will not be published. Required fields are marked *