Some existing tools already deal with LFI vulnerabilities, such as fimap, the Remote & Local File Inclusion (RFI/LFI) Scanner, and inspathx, a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI).
A new, simple tool that focuses purely on LFI attacks was released recently.
Functions
Automatically finds the root of the file system
Detects default files outside of the web folder
Attempts to detect passwords inside the files
Supports basic authentication
Can use a null byte to bypass some controls
Writes a report of the scan to a file
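From the defender's side, the behaviours in this list leave recognizable traces in web server access logs. The following is an added example (not part of LFIMAP or the original post) that flags traversal sequences, null bytes and requests for files outside the web folder, grouped per client; the log lines, the path list and the assumption that root discovery shows up as requests at several traversal depths are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=../etc/passwd HTTP/1.1" 200 498
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 200 498
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?page=..%2f..%2f..%2fetc%2fpasswd%00 HTTP/1.1" 200 1730
203.0.113.9 - - [01/Jan/2024:10:05:00 +0000] "GET /docs/../img/logo.png HTTP/1.1" 200 2048
'''
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Illustrative paths outside a web root (assumption); extend for your platforms.
OUTSIDE_WEBROOT = ("/etc/passwd", "/etc/shadow", "/proc/self/environ")

def decode(target, rounds=3):
    """URL-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(rounds):
        nxt = unquote(target)
        if nxt == target:
            break
        target = nxt
    return target.replace("\\", "/").lower()

def indicators(target):
    """Return (indicator names, traversal depth) for one request target."""
    decoded = decode(target)
    depth = decoded.count("../")
    checks = {"traversal": depth > 0,
              "null_byte": "\x00" in decoded,
              "file_outside_webroot": any(p in decoded for p in OUTSIDE_WEBROOT)}
    return {name for name, hit in checks.items() if hit}, depth

def scan(log_text, min_depths=3):
    """Group indicators per client; several distinct depths suggests root probing."""
    seen = defaultdict(lambda: {"indicators": set(), "depths": set()})
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        found, depth = indicators(m.group(2))
        if found:
            seen[m.group(1)]["indicators"] |= found
            seen[m.group(1)]["depths"].add(depth)
    return {ip: {"indicators": sorted(v["indicators"]), "depths": sorted(v["depths"]),
                 "root_probing": len(v["depths"]) >= min_depths} for ip, v in seen.items()}
```

Calling `scan(SAMPLE_LOG)` marks the first client as root probing with all three indicators, while the second client shows only a single benign-looking traversal.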
You can download LFIMAP 1.4.3 here:
lfimap-1.4.3.tar.gz