-
Notifications
You must be signed in to change notification settings - Fork 24
Home
kostas edited this page Jul 12, 2022
·
2 revisions
LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.
The main reason this tool exists is that we didn't want to try all these attacks manually. The reason being that, as humans, we may forget to perform some attacks or forget how to perform them but a machine will always run what is programed to run. Humans are flawed, machines are not.
This tool supports:
- Path Traversal and bypasses (Null byte, encoding, Filter Bypasses)
- PHP Filter
- Remote Code Execution (RCE) through:
- Log Poisoning (Apache, Nginx)
- PHP Session Files
- PHP Wrappers