11-18-2022, 01:49 PM
Hello Club Hydra Community, today we at Team zfl0 bring to you a vulnerability in google.com
Enjoy!
Payload: https://www.google.com/complete/search?client=firefox&q=2
What is LFI?
Local File Inclusion is an attack technique in which attackers trick a web application into either running or exposing files on a web server. LFI attacks can expose sensitive information, and in severe cases, they can lead to cross-site scripting (XSS) and remote code execution.
How it can possibly be leveraged
Proc Environ Injection
The idea is to manipulate the process environ file. In a nutshell, when a process is created and has an open file handler, a file descriptor will point to that requested file. If you are not familiar with file descriptors, here is an introduction.
Our main target is to inject into the /proc/self/environ file via the HTTP header User-Agent. This file hosts the initial environment of the Apache process. Thus, the environment variable User-Agent is likely to appear there.
If the User-Agent header value is contained in this file, we can send an HTTP request to the page with a malicious User-Agent value. As this is a well known technique, it is likely that the environ file will be inaccessible. Here is how a similar response to the following request would look:
Request:
$ curl http://secureapplication.example/index.php?view=../../../proc/self/environ
Response:
Again, with Burp this is the malicious request sent. Note that the User-Agent header has been modified.
Again, we have successfully received a reverse shell.
Using these methods can possibly be leveraged to RCE in Google.
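Editor's added example (not part of the zfl0 post above, and not code from any of the hosts it mentions): the /proc/self/environ trick only works because the `view` parameter is included unchecked and the User-Agent string ends up in the process environment. The script below shows both sides of that from a defender's seat: it parses a few constructed Apache "combined" access-log lines, flags requests whose parameters normalise to /proc/self/environ (catching URL-encoded, double-encoded and %00-truncated variants), and separates a plain read probe from one that also carries a PHP tag in the User-Agent, which is the RCE stage the post describes. It also shows a hardened replacement for the vulnerable include that rejects the traversal. The log lines, the `/var/www/html` document root and all function names are assumptions made for the example.

```python
import posixpath
import re
import urllib.parse
from dataclasses import dataclass
from typing import List, Optional

# Constructed Apache "combined" log lines for this example (not real traffic):
# a plain traversal probe, a URL-encoded probe carrying PHP in the User-Agent,
# and one benign request.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Nov/2022:13:49:01 +0000] "GET /index.php?view=../../../proc/self/environ HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Nov/2022:13:49:05 +0000] "GET /index.php?view=..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 4133 "-" "<?php system($_GET['cmd']); ?>"
198.51.100.2 - - [18/Nov/2022:13:50:12 +0000] "GET /index.php?view=about.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
ENVIRON_RE = re.compile(r"^/proc/(self|\d+)/environ$")
PHP_TAG_RE = re.compile(r"<\?(php|=)", re.IGNORECASE)


def fully_unquote(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded traversals (%252F) are caught too."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traverses_to_environ(request_path: str) -> bool:
    """True when any query parameter, once decoded and normalised, names
    /proc/self/environ (or /proc/<pid>/environ)."""
    query = urllib.parse.urlsplit(request_path).query
    for values in urllib.parse.parse_qs(query, keep_blank_values=True).values():
        for raw in values:
            # Old PHP (< 5.3.4) truncated include paths at a NUL byte, so the
            # part after %00 was never used; drop it the same way.
            cleaned = fully_unquote(raw).split("\x00", 1)[0].replace("\\", "/")
            # Anchor at "/" so "../../../proc/self/environ" collapses to the target.
            normalised = posixpath.normpath("/" + cleaned.lstrip("/"))
            if ENVIRON_RE.match(normalised):
                return True
    return False


@dataclass
class Finding:
    ip: str
    severity: str   # "probe" (reads environ) or "inject" (PHP in User-Agent too)
    path: str
    user_agent: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for an environ-inclusion attempt, else None."""
    m = LOG_RE.match(line)
    if not m or not traverses_to_environ(m["path"]):
        return None
    severity = "inject" if PHP_TAG_RE.search(m["ua"]) else "probe"
    return Finding(m["ip"], severity, m["path"], m["ua"])


def scan(log_text: str) -> List[Finding]:
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


WEB_ROOT = "/var/www/html"   # assumed document root for the example


def resolve_view(view: str, root: str = WEB_ROOT) -> Optional[str]:
    """Hardened counterpart of the vulnerable include(): reject NUL bytes,
    normalise the requested file and accept it only if it stays under root
    and is a .php file. Returns the resolved path or None. An explicit
    allowlist of view names is stricter still and is the better fix."""
    if "\x00" in view:
        return None
    candidate = posixpath.normpath(posixpath.join(root, view))
    if not candidate.startswith(root + "/") or not candidate.endswith(".php"):
        return None
    return candidate


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.severity:6} {f.ip} {f.path} UA={f.user_agent!r}")
    print(resolve_view("../../../proc/self/environ"))   # None: traversal rejected
    print(resolve_view("pages/about.php"))              # /var/www/html/pages/about.php
```

Run it as a script to see the two findings and the resolver results; in practice you would feed `scan()` the real access log and alert on any "inject" hit, since a PHP tag in a User-Agent has no legitimate reason to exist. Note that the detection keys on the normalised target, not on the literal string "../", so encoding tricks do not slip past it, while the hardened resolver makes the environ path unreachable regardless of how the parameter is encoded.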