Hi,
This is my first time submitting a discussion and hope I’am submitting it in right place and category.
Yesterday when I tried to exploit the Nineveh machine I stacked in LFI vulnerability and I realized something stranger in LFI and what made me more surprised when I saw a walkthroughs of this machine.
Actually, what I saw are some people could exploit the LFI in different dirctory path. For Example:
The original path:
http://10.10.10.43/department/manage.php?notes=files/ninevehNotes.txt
Some people can go to specific path directory instead of files/ninevehNotes.txt :
http://10.10.10.43/department/manage.php?notes=/var/tmp/shell.php
Others, can do it in this way:
Also, by deleting the Files parameter:
http://10.10.10.43/department/manage.php?notes=/ninevehNotes/../var/tmp/shell.php
For me the last method worked fine with me while others do NOT.
How did this happen?
Why the others methods didn’t work?
Hope someone explain it to me, actually I spend all the day just to understand this part
Thanks in advance.