Hacking Knowledge
  • πŸ β€‹ Homepage
    • Welcome
    • About Me
    • Disclaimer
    • Conventions
  • πŸ”‘Cybersecurity Basics
    • Introduction
    • Vulnerabilities
    • Cyberattacks
      • Cyber Kill Chain
      • Malware
    • Security Models
      • Methodologies
    • Legal Support
    • Career Paths
    • Certifications
    • Related Concepts
  • 🐧Linux
    • Introduction
    • Functional Structure
      • File Permissions
      • Environment Variables
      • Crontabs
    • Commands
      • Operators
    • Useful Shell Resources
    • Related Concepts
  • ⊞ Windows
    • Introduction
    • Functional Structure
      • File Permissions
      • Environment Variables and System Tools
      • System Events
    • Commands
    • Related Concepts
  • 🌐Networks
    • Introduction
    • Networking Frameworks
      • OSI Model
      • TCP/IP Model
    • Protocols
      • ARP
      • TCP
      • NetBIOS
      • SNMP
      • DNS
      • HTTP
      • Telnet
      • FTP
      • TFTP
      • SMB
      • RDP
      • SSH
      • SMTP
      • POP 3
      • IMAP
      • Oracle TNS
      • IPMI
    • Hypervisors
    • Related Concepts
    • Tools and Utilities
  • πŸ”Cryptography
    • Introduction
    • Encoding (WIP)
    • Encryption (WIP)
      • Types of encryption (WIP)
      • Methods of Encryption (WIP)
    • Hashing
      • Well-known Hashes (WIP)
    • Related Concepts
    • Tools and Utilities
    • Useful Tips
  • πŸ‘£Digital Forensics
    • Introduction
    • Basic Plan
    • Related Concepts
    • Tools and Utilities
    • Useful Tips
  • 🎯Penetration Testing
    • Introduction
    • Categorization
    • Process Stages
      • Pre-engagement
      • Information Gathering
        • OSINT
          • Dorking
          • Searching breach data dumps
        • Enumeration
          • Get information from SSL certificates
          • Retrieve information from IMAP/POP3 servers
          • Redirect HTTP traffic using Feroxbuster and ZAP
          • Mount accesible NFS Shares
          • Bruteforce subdomains
        • Tools and Utilities
        • Useful Tips
      • Vulnerability Assessment
      • Exploitation
        • Tools and Utilities
        • Useful Tips
      • Post-Exploitation
        • Techniques (WIP)
        • Privilege Escalation
          • Linux Privilege Escalation
          • Windows Privilege Escalation
        • Tools and Utilities
        • Useful Tips
      • Lateral Movement
      • Proof-of-Concept
      • Post-engagement
        • Sample Report (WIP)
    • Related Concepts
  • πŸ“‘Web Exploitation
    • Introduction
    • OWASP Top 10
      • Broken Access Control
      • Cryptographic Failures
      • Injection
      • Insecure Design
      • Security Misconfiguration
      • Vulnerable and Outdated Components
      • Identification and Authentication Failures
      • Software and Data Integrity Failures
      • Security Logging and Monitoring Failures
      • Server-side Request Forgery
    • Attack Techniques
      • Local File Inclusion
      • Remote File Inclusion
      • Cross-Site Scripting
      • Command injection
      • XXE Injection
      • Abuse File Upload
      • Cross-Site Request Forgery
      • Header Poisoning
      • HTTP Parameter Pollution
      • Content Security Policy Bypass
      • Exposed .htaccess and .htpasswd files
      • Server-Side Request Forgery
      • Server-Side Template Injection
      • Cookie Hijacking
      • Null Byte Poisoning
      • PHP - Abuse PHP Type Juggling
      • PHP - Bypass using filters
      • WordPress - Abuse Theme Configuration on templates
      • WordPress - Getting credentials from configuration files
      • CVE - Log4Shell
    • Related Concepts
    • Tools and Utilities
    • Useful Tips
  • πŸ—„οΈDatabase Attacks
    • Introduction
    • SQL
      • MySQL
      • MSSQL
      • SQLite3
    • Attack Techniques
      • SQL Injection
        • Authentication Bypass
      • NoSQL Injection
      • MS SQL - xp_cmdshell Abuse
      • MongoDB - Impersonation via credentials change
    • Related Concepts
    • Tools and Utilities
    • Useful Tips
  • πŸ‘₯Active Directory
    • Introduction
    • Related Concepts (WIP)
    • Tools and Utilities (WIP)
    • Useful Tips (WIP)
  • ☁️CLOUD HACKING
    • Introduction
    • Related Concepts
    • Tools and Utilities (WIP)
    • Useful Tips (WIP)
  • πŸ“œScripting
    • Introduction
    • Reverse Shell
    • Bind shell
    • Web Shell
  • 🚩Practical Skill Development
    • Learning Platforms
      • Hack The Box
      • TryHackMe
      • picoCTF
    • Featured Labs
    • CTF Competitions
  • πŸ“Write-Ups
    • Introduction
    • HTB Starting Point
      • Meow (Tier 0)
      • Fawn (Tier 0)
      • Dancing (Tier 0)
      • Redeemer (Tier 0)
      • Explosion (Tier 0)
      • Preignition (Tier 0)
      • Mongod (Tier 0)
      • Synced (Tier 0)
      • Appointment (Tier 1)
      • Sequel (Tier 1)
      • Crocodile (Tier 1)
      • Responder (Tier 1)
      • Three (Tier 1)
      • Ignition (Tier 1)
      • Bike (Tier 1)
      • Funnel (Tier 1)
      • Pennyworth (Tier 1)
      • Tactics (Tier 1)
      • Archetype (Tier 2)
      • Oopsie (Tier 2)
      • Vaccine (Tier 2)
      • Unified (Tier 2)
      • Included (Tier 2)
      • Markup (Tier 2)
      • Base (Tier 2)
    • HTB Machines
      • Nibbles (Easy)
      • BountyHunter (Easy)
      • Crafty (Easy)
      • Chemistry (Easy)
    • HTB Challenges
    • HTB Advanced labs
  • Group 1
Powered by GitBook
On this page

Was this helpful?

  1. Web Exploitation
  2. Attack Techniques

PHP - Bypass using filters

PreviousPHP - Abuse PHP Type JugglingNextWordPress - Abuse Theme Configuration on templates

Last updated 1 month ago

Was this helpful?

PHP filters can sometimes be exploited to read the source code of a PHP file if the server is misconfigured and allows or direct access to PHP stream wrappers. This occurs when the allow_url_include and allow_url_fopen parameters are enabled on the php.ini file.

LFI on PHP files usually won’t display the source code, because when included, the PHP interpreter executes the file instead of showing its contents, but using the PHP filters we can have access to the source code instead of executing the file.

Here we found how this can be exploited:

  • Use payload to retrieve the source code of a PHP file

php://filter/convert.base64-encode/resource=$pathToPHPfile
php://filter/convert.base64-encode/resource=db.php #Example with a default php db

  • If direct file access via php://filter is blocked, we can use it indirectly in a confirmed LFI point

vulnerable.php?file=php://filter/convert.base64-encode/resource=$pathToPHPfile
πŸ“‘
Local File Inclusion