0xdf
The YouTube video "PHP Filter Injection: LFI2RCE Explained" discusses LFI2RCE, a technique that builds a PHP file out of filters and so turns a local file inclusion (LFI) vulnerability into remote code execution (RCE) if disabled functions and content are present in the URL link. The presenter demonstrates multiple methods of injecting PHP filters and uploading web shells onto servers and introduces a new technique that exploits PHP filters meant to change the encoding of strings. They explain the process of generating a filter chain, using base64 encoding for payload characters to speed up the process, and building a payload that can be executed as a web shell. The video also highlights the challenges that may arise when using this technique.
In this section of the video, the presenter introduces the technique of LFI2RCE, which allows for the creation of a PHP file out of filters and nothing else. This technique can be used to turn an LFI vulnerability into RCE if disabled functions and content are present in the URL link. The presenter demonstrates how this works by writing a simple PHP app and accessing files on the system through LFI vulnerabilities, as well as creating a web shell to execute commands on the system. This technique is important for bug bounty hunters and could be used in many CTF tasks as well.
In this section, the speaker discusses different methods of injecting PHP filters and uploading web shells onto servers. They explain how some methods involve manipulating logs and emailing users to read their PHP files, while others involve exploiting remote file inclusion or using PHP filters to read files out of zip files. The speaker then introduces a new technique that exploits PHP filters meant to change the encoding of strings. The technique involves taking a string and encoding it with filters repeatedly to create extra characters that can be manipulated to get strings appended to the front. The speaker explains the process in detail and highlights the benefits and drawbacks of this technique. They also provide a link to a GitHub repository that demonstrates the process.
In this section, the creator explains the process of generating a filter chain and using it to generate a payload. The process involves generating garbage for base64, getting rid of equal signs, and creating more junk. The creator then demonstrates how to generate a character by looking it up in a conversions table and adding it to the end of the chain before showing how the filter can return DF, which could be a small web shell.
In this section, the speaker explains how to use the PHP filter injection technique to execute arbitrary code or commands by making use of the LFI to RCE approach with filters. The speaker walks through building a filter chain for generating the payload, demonstrating how to use base64 encoding for payload characters to reduce the alphabet of characters and speed up the process, as well as showing an example of a payload that can be executed as a simple web shell. The speaker also mentions some of the challenges that can be faced when using this technique, such as URL length limitations for longer payloads.
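On the detection side, the traits the summary describes (encoding-conversion filters chained many times in the include parameter, and URLs that grow long with the payload) can be looked for in web access logs. The following is an added example, not code from the video or the linked repository; the thresholds, log format and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# Thresholds are assumptions for illustration; tune them against your own traffic.
MAX_FILTERS = 5      # ordinary php://filter use chains only a few filters
MAX_URL_LEN = 2000   # chains that encode a whole payload make very long URLs
WRAPPER = re.compile(r"php://filter", re.I)
ENCODING_FILTER = re.compile(r"convert\.(?:iconv\.[\w./-]+|base64-(?:en|de)code)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    for _ in range(rounds):  # undo nested percent-encoding
        value = unquote(value)
    return value

def score_request(url):
    """Return the list of findings for one request target."""
    decoded = fully_unquote(url)
    findings = []
    if WRAPPER.search(decoded):
        findings.append("php-filter-wrapper")
        count = len(ENCODING_FILTER.findall(decoded))
        if count > MAX_FILTERS:
            findings.append(f"filter-chain:{count}")
    if len(url) > MAX_URL_LEN:
        findings.append("long-url")
    return findings

def scan(log_lines):
    """Return (line number, findings) for every flagged access-log line."""
    alerts = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        findings = score_request(match.group(1)) if match else []
        if findings:
            alerts.append((lineno, findings))
    return alerts

# Constructed sample log; the chain is a harmless back-and-forth conversion.
_CHAIN = quote("|".join(["convert.iconv.UTF8.UTF16", "convert.iconv.UTF16.UTF8"] * 4), safe="")
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 900',
    f'203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?page=php%3A%2F%2Ffilter/{_CHAIN}/resource=index.php HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A single php://filter reference is reported at low severity because it already indicates an attempt to read source through the include parameter; the chain count is what separates it from the technique in the video.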