My last post was on Local File Inclusion(LFI) . LFI is a common website vulnerability and it is used for website hacking. There are some existing tools that deal with LFI vulnerabilities such as lfimap the Remote & Local File Inclusion (RFI/LFI) Scanner .
This new simple tool was released recently which focuses purely on LFI attacks. Test your website with this tool for LFI.
Functions:
- Automatically find the root of the file system
- Detect default files outside of the web folder
- Attempts to detect passwords inside the files
- Supports basic authentication
- Can use null byte to bypass some controls
- Writes a report of the scan to a file
Download here:
http://lfimap.googlecode.com/files/lfimap-1.4.3.tar.gz
0 comments:
Post a Comment