1 What's Local File Download(LFD)?
- Local file download is kind of misconfigured web master or webdeveloper on php application.
2 Effect
2.1 Personal/website
- You will able to view all php source code in plain text.
- php source code is such as mysql connection data, eg: host, username, password and database
3 vulnerable source code
- Example 1
<?php
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=".$_GET['tbdsec']);
echo file_get_contents($_GET['tbdsec']);
?>
- Example 2
<?php
$filename = $_GET['hmsec'];
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=".basename($filename).";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
@readfile($filename);
exit(0);
?>
4 Proof of Concept
- http://localhost/tbdsec.php?hmsec=configuration.php
- Download it, and open it.
- Walla! you able to all code in that page!
5 Patch code
- To admin/webmaster ask your web developer fix it :D
6 Suggestion
- Please don't you direct download, at least filter it.
7 Dork?
- No DORK For Script Kiddies
8 Thanks/Credits
- TDBSecurity(www.tbd.my<http://www.tbd.my>)
- HMSecurity(www.hmsecurity.org<http://www.hmsecurity.org>)
- Ahli Syurga Crew
- XShimeX
- Suhz
- And Google :D
Author: Ahlspiess
Local File Download Theory
December 29, 2009
0 Comments
Explore More
Double Your Defense with a Double Firewall
If you have a home network router, your computer and other computers on the network (such as your spouse’s laptop and your children’s computer) are protected from the outside world.
Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies
IntroductionThis tutorial is an attempt to help you re-route all internet winsock applications in ms windows trough a socks chain, thus making your connections much more anonymous.TheoryThe more different hops
Kaspersky’s support website hacked!
Hard to digest, but true. The leading anti-virus website provider Kaspersky’s support website got hacked and details are published at this blog. Kasperksy admitted that it’s their fault and blamed
