This is pretty apt after we wrote about WebsiteDefender – Ensure Your Website Security on Monday, a platform for securing web applications with a focus on WordPress. Today a zero-day in a very commonly used WordPress library hit quite a few news sites. The flaw is in an image utility called TimThumb which is used [...]
Tag Archive | "local file inclusion"
There are some existing tools that deal with LFI vulnerabilities, such as fimap, the Remote & Local File Inclusion (RFI/LFI) Scanner, and inspathx, a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI). A new simple tool was released recently which focuses purely on LFI attacks. Functions Automatically find the [...]
fimap is a little Python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap, just for LFI/RFI bugs instead of SQL injection. It is currently under heavy development but it’s usable. Features Check a Single URL, List of URLs, [...]
The latest news breaking over the Christmas period is that of a fairly serious bug in IIS that allows local file inclusion (LFI) of any filetype due to a bug in the way IIS filters handle semicolons (;). Secunia has confirmed the vulnerability “on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS version [...]