RFI & LFI Exploitation on bWAPP
In this post, I will be exploiting the Remote and Local File Inclusion section of the Buggy Web Application (bWAPP). This instance of bWAPP was hosted in a Docker container on an Ubuntu VM and will be exploited from a different Kali Linux VM. This aspect of bWAPP will be exploited on the low setting.
Upon selecting the RFI & LFI setting and selecting a language, this is what the user will see.
In this case, there are some PHP commands in the URL. This is what will be used to exploit this page on bWAPP.
To do so, I will replace the PHP file after the language parameter. Instead, I will direct the website to a different file on the website’s host VM. In this case, my target will be /etc/passwd. To gain access to this file, I will pass “../../etc/passwd” into the language parameter, which will display the contents of the host VM’s /etc/passwd on the web page.
The result of this is shown below.
As shown above, we were able to successfully exploit the RFI & LFI page on bWAPP.
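The inclusion works because the value of the language parameter is used as a file path. The following added example (not bWAPP's source and not part of the original post) shows one way to close that hole: the parameter becomes a lookup key into an allowlist, and the resolved path is checked to stay inside the language directory. The `LANGUAGES` map, the file names, the `resolve_language_file` function and the temporary directory are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request value => file name inside the language directory.
const LANGUAGES = [
    'en' => 'lang_en.php',
    'fr' => 'lang_fr.php',
    'nl' => 'lang_nl.php',
];

// Vulnerable pattern, for contrast: the request value becomes the path.
//     include $_GET['language'];

function resolve_language_file(string $requested, string $langDir): ?string
{
    // The request value is only a lookup key, never part of a path.
    if (!array_key_exists($requested, LANGUAGES)) {
        return null;
    }
    $base = realpath($langDir);
    $path = realpath($langDir . DIRECTORY_SEPARATOR . LANGUAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file is missing
    }
    // Defence in depth: after symlinks and ".." are resolved, the file
    // must still sit inside the language directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary language directory and sample request values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
foreach (LANGUAGES as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php // constructed\n");
}

foreach (['en', 'lang_en.php', '../../etc/passwd', '/etc/passwd', 'EN'] as $value) {
    $resolved = resolve_language_file($value, $dir);
    printf("%-18s => %s\n", $value, $resolved === null ? 'rejected' : basename($resolved));
}

// Remove the constructed files again.
foreach (LANGUAGES as $file) {
    unlink($dir . DIRECTORY_SEPARATOR . $file);
}
rmdir($dir);
```

Only `en` resolves to a file; every other sample value, including the traversal string used in this post, is rejected before any filesystem path is built from it.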