Skip to content

small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns

License

Notifications You must be signed in to change notification settings

kikisslass/lfi-labs

 
 

Repository files navigation

lfi-labs

Small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulnerabilities.

why?

For training and testing purposes. You can test detection products (e.g. vulnerability scanners), exploit tools, etc.

These are NOT intended for evaluating appsec testing tools.

The idea is that you'd add these to an Apache VirtualHost directive for testing purposes. If you need to do some quick and dirty testing, fire up php -S 0.0.0.0:8080 or something and go to town.

how?

Three big options.

  1. UN*X + Apache + PHP, install lfi-labs under somewhere and get to work.
  2. Run a Docker instance using the Dockerfile. docker-compose up
  3. Run a Vagrant instance using the Vagrantfile. vagrant up

who?

jose nazario @jnazario

inspired by

https://github.com/AUDI-1/sqli-labs

useful links

LFI/RFI/CMD injection background

walkthrough

About

small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 90.3%
  • Dockerfile 4.6%
  • Shell 4.3%
  • Other 0.8%