Part 3 Risky Resource Mgmt Demo

Video Activity

This lesson offers a demonstration of a path traversal with local file inclusion attack. Because of a certain PHP script, it is easy for a hacker to do a path traversal on the web server to see if there is a local file on the system. Using the Burp Suite interceptor, a request is send out and you can see the URL parameters and this is easily replac...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Description

This lesson offers a demonstration of a path traversal with local file inclusion attack. Because of a certain PHP script, it is easy for a hacker to do a path traversal on the web server to see if there is a local file on the system. Using the Burp Suite interceptor, a request is send out and you can see the URL parameters and this is easily replaced with something out (e.g., the boot file).

Video Transcription
00:04
Hello and welcome to the Cyberia secure cutting course. My name is Sonny Wear, and this is Sands Top 25. Risky Resource Management category. Demo Path Traverse along with local file inclusion Attack
00:22
This is the demo for Path Reversal and a local file inclusion attack. Amusing Mattila Day, and I am using the arbitrary file inclusion menu item.
00:35
So
00:36
what the page describes is how the parameter
00:42
at the top is
00:44
of page, and then it's followed by a PHP script.
00:49
And so because of this, it would be easy for an attacker to determine if there's a way to either
00:58
call out to a script that would be on a remote server
01:03
by replacing page with the extra on your l or by doing a pack, traverse a ll on the Web server itself
01:11
and determine if we can see a local file on the system.
01:17
So how we could do that is gonna go ahead and start burp. Sweet. Start up my interceptor.
01:23
I'm going to
01:26
refresh the page.
01:30
And so this is the request coming in in my parameters tab, you can see that the euro parameter page is located there. I could very easily replace this
01:42
with something local on the machine If we wanted to. Perhaps try to see the boot dot I and I file If this is a Windows machine, we could very easily do that
01:57
by typing in dot, dot, slash Doctor.
02:07
Okay? And then so now I'm just gonna go ahead and forward that.
02:14
And as you can see, I was successful, so I not only was able to
02:21
perform a path reversal,
02:23
but I was able to then
02:25
see a privileged file which I should not be authorized to see. And
02:32
that file actually gives me access to information I shouldn't be authorized to see. So there's a There's an information disclosure problem, and they're a swell.
Up Next