11
Downloads
-
0 Ratings
All Versions
11
Total Downloads
0
Downloads Last Week
Current Version
11
Total Downloads
0
Downloads Last Week
Downloads Last 10 Weeks
All Versions
-
0 Ratings
5
4
3
2
1
Current Version
-
0 Ratings
5
4
3
2
1

Simple Local File Inclusion ExploiterOverview

Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of an ULR for a LFI vulnerability.

Usage
./lfi_sploiter.py –exploit-url= –vulnerable-parameter=

Usage example
./lfi_sploiter.py –exploit-url=http://www.example.com/page.PHP?file=main –vulnerable-parameter=file

Usage notes
- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.

Feature list
- Provides a random user agent for the connection.
- Checks if a connection to The Target can be established.
- Tries catch most errors with error handling.
- Contains a LFI scanner (only scans one parameter at once).
- Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *Nix targets, but no Windows systems.

Known issues
- I know there is more about LFI than it is covered in this tool. But this is the first release,
and more features will be implemented in future versions.
- This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones. For example: Some LFI vulnerabilities consist of two URL parameters or require to find a way around filters. In those cases, this tool unfortunately does not work.

New

Fixed some bugs.

Simple Local File Inclusion ExploiterTech Specs

Version
1.1
Date
12.01.10
License
Free
Language
English
File Size
28KB
Category
SubCategory
Operating Systems
Not Application
System Requirements
No additional system requirements.

SelectedFor You

Immunet Protect Free Icon
Immunet Corporation
Immunet provides essential antivirus protection for PC users.
Kaspersky Anti-Virus Icon
Kaspersky Lab
Protect your PC against viruses, spyware, Trojans, worms, rootkits, and bots.
360 Internet Security Icon
QIHU 360
All-in-one antivirus solution, free and professional!
Avast Free Antivirus Icon
AVAST Software
Stay safe from viruses, malware, spyware.
ESET Smart Security Icon
ESET
Protect your PC from viruses, worms, spyware, and other Internet threats.
Zemana AntiLogger Free Icon
Zemana Ltd.
Protect your Windows computer from keylogger attacks.
NetQin Mobile Antivirus for Nokia Icon
Beijing NetQin Tech. Co., Ltd.
NetQin antivirus, antispam, Protect for Nokia.
ESET NOD32 Antivirus Icon
ESET
Protect your system and files from virus and spyware.