[PDF] FYI: You got LFI

http://thehiddenwiki.pw/files/hacking/bh-eu-12-Be’ery-FYI_you_got_LFI-WP.pdf

Abstract

background

PHP internals

ution process

PHP include function

Malicious File Includes

Classic RFI

Classic RFI “in the wild”

Advanced RFI using PHP streams

Malicious File Includes

Adding PHP code to log files

Uploading use

MFI in the wild

Setup and Methodology

RFI in the wild

Attack sources analysis

Shell hosting URLs analysis

Shells analysis

Bibliography

About Imperva

PHP streams and wrappers

Leave a Reply

Your email address will not be published. Required fields are marked *