‘Simple Local File Inclusion Exploiter’

Summary

Credit:

‘The information has been provided by Valentin H bel.
To keep updated with the tool visit the project’s homepage at: http://www.xenuser.org/2010/11/21/simple-local-file-inclusion-exploiter-version-1-0-released/


Details

‘The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of an ULR for a LFI vulnerability.

Feature list
– Provides a random user agent for the connection.
– Checks if a connection to the target can be established.
– Tries catch most errors with error handling.
– Contains a LFI scanner (only scans one parameter at once).
– Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
– Supports nullbytes!
– Exploit features: Dumps a list of interesting files to your hard disk.
– Supports common *nix targets, but no Windows systems.

Notes
– Tested with Python 2.6.5.
– Modify, distribute, share and copy the code in any way you like!
– Please note that this tool was created for educational purposes only.
– Do not use this tool in an illegal way. Know and respect your local laws.
– Only use this tool for legal purposes, such as pentesting your own website 🙂
– I am not responsible if you cause any damage or break the law’

Categories: Tools