lfi-labs

small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns

why?

for training and testing purposes. you can test detection products (e.g. vulnerability scanners), exploit tools, etc.

these are NOT intended for evaluating appsec testing tools.

the idea is that you'd add these to an Apache VirtualHost directive for testing purposes. if you need to do some quick and dirty testing, fire up php -S 0.0.0.0:8080 or something and go to town.

who?

jose nazario @jnazario

inspired by

https://github.com/AUDI-1/sqli-labs

useful links



lfi-labs

小套PHP脚本练习利用LFI,RFI和CMD注入

why?

用于培训和测试目的。您可以测试检测产品(例如漏洞扫描程序),利用工具等。

这些不是用于评估appsec测试工具。

这个想法是将这些添加到Apache VirtualHost指令进行测试。如果你需要做一些快速而肮脏的测试,则启动 php -S 0.0.0.0:8080 或者去城里去。

who?

jose nazario @jnazario

inspired by

https://github.com/AUDI-1/sqli-labs

useful links




相关问题推荐