- Unvalidated Redirects and Forwards
- -----------------------------------
- An attacker links to an unvalidated redirect and tricks the victim into clicking it; an attacker targets unsafe forwards to bypass a security check.
- e.g. http://anywebsite.com/redirect.jsp?url=evil.com
- ->->url=evil.com<-<-
- So, in layman's terms, you have to find a parameter like url, or some similar parameter, that may have a tendency to redirect somewhere:
- www.somewebsite.com/product?url=somewebsite.com/home
- MOST COMMONLY USED PARAMETERS:
- DEST
- REDIRECT
- URL
- URI
- PATH
- CONTINUE
- WINDOW
- TO
- OUT
- VIEW
- DIR
- SHOW
- NAVIGATION
- OPEN
- FILE
- VAL
- VALIDATE
- DOMAIN
- CALLBACK
- RETURN
- PAGE
- FEED
- HOST
- PORT
- NEXT
- DATA
- SITE
- HTML
- REFERENCE=somelink
- step 1: Go to 127.0.0.1/lvs111
- step 2: Click on Unvalidated Redirects and Forwards.
- step 3: Click on Manual redirects.
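
A server-side check that closes the redirect described above, as an added example that is not part of the original notes. It is written in Python for brevity; `ALLOWED_HOSTS`, `FALLBACK` and `safe_redirect_target` are hypothetical names, and the allowlist reuses somewebsite.com from the notes.

```python
from urllib.parse import urlsplit

# Assumption: hosts this site may redirect to (constructed for the example).
ALLOWED_HOSTS = {"somewebsite.com", "www.somewebsite.com"}
FALLBACK = "/"  # where to send the user when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a same-site path or an allowlisted http(s) URL,
    otherwise return fallback."""
    # Reject empty values, whitespace/control characters and backslashes:
    # browsers may normalise "\" to "/", turning "/\host" into "//host".
    if not raw or any(ord(c) < 0x21 or c == "\\" for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
    except ValueError:  # malformed authority, e.g. an unclosed "[" host
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        # "//host" is scheme-relative and never reaches this branch as a path.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback
    # "https://somewebsite.com@evil.com/" has evil.com as its real host.
    if parts.username is not None or parts.password is not None:
        return fallback
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact match only; a suffix or substring test would accept
    # "somewebsite.com.evil.com".
    return raw if host in allowed_hosts else fallback


if __name__ == "__main__":
    for value in ("/home", "https://somewebsite.com/home", "evil.com",
                  "http://evil.com", "//evil.com"):
        print(f"{value!r:35} -> {safe_redirect_target(value)!r}")
```

A value without a scheme, such as somewebsite.com/home, is parsed as a relative path rather than a host, so it falls back to `/`; the application should emit either `/home` or a full `https://` URL.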
- _____________________________________
- File Inclusion:
- File inclusion is a vulnerability that lets a hacker include files in a website (view or open files) with the help of a file inclusion mechanism.
- File inclusion is of two types:
- 1. LFI - Local File Inclusion: the hacker includes files that are on the local server.
- 2. RFI - Remote File Inclusion: the hacker includes files that are on a remote server.
- step 1: Start XAMPP, then start MySQL and Apache.
- step 2: Change the security to low.
- step 3: Go to File Inclusion and read where the include function is.
- step 4: Write file4.php there.
- or
- step 5: If you want to include your own file, just save a Notepad file in the file inclusion directory of DVWA in htdocs on your computer.
- Go to C drive -> xampp -> htdocs -> dvwa -> vulnerabilities -> file inclusion -> fi -> save a Notepad file here.