LFI(Local File Inclusion) 취약점은 웹 브라우저를 통해 서버에 파일을 포함시키는 과정입니다. 이 취약점은 인클루드할 페이지 경로가 적절히 필터링되지 않았고 디렉토리 변경 명령어들의 삽입을 허용했을 때 일어납니다.
대부분의 LFI 취약점은 URL을 통해 이뤄지는데 이는 보통 개발자가 GET Method 사용을 선호하기 때문입니다.
| 로그 경로 |
|---|
| /etc/httpd/logs/access.log |
| /etc/httpd/logs/access_log |
| /etc/httpd/logs/error.log |
| /etc/httpd/logs/error_log |
| /opt/lampp/logs/access_log |
| /opt/lampp/logs/error_log |
| /usr/local/apache/log |
| /usr/local/apache/logs |
| /usr/local/apache/logs/access.log |
| /usr/local/apache/logs/access_log |
| /usr/local/apache/logs/error.log |
| /usr/local/apache/logs/error_log |
| /usr/local/etc/httpd/logs/access_log |
| /usr/local/etc/httpd/logs/error_log |
| /usr/local/www/logs/thttpd_log |
| /var/apache/logs/access_log |
| /var/apache/logs/error_log |
| /var/log/apache/access.log |
| /var/log/apache/error.log |
| /var/log/apache-ssl/access.log |
| /var/log/apache-ssl/error.log |
| /var/log/httpd/access_log |
| /var/log/httpd/error_log |
| /var/log/httpsd/ssl.access_log |
| /var/log/httpsd/ssl_log |
| /var/log/thttpd_log |
| /var/www/log/access_log |
| /var/www/log/error_log |
| /var/www/logs/access.log |
| /var/www/logs/access_log |
| /var/www/logs/error.log |
| /var/www/logs/error_log |
| – – – – – – – – – – – – – – – – – – – – – |
| C:\apache\logs\access.log |
| C:\apache\logs\error.log |
| C:\Program Files\Apache Group\Apache\logs\access.log |
| C:\Program Files\Apache Group\Apache\logs\error.log |
| C:\program files\wamp\apache2\logs |
| C:\wamp\apache2\logs |
| C:\wamp\logs |
| C:\xampp\apache\logs\access.log |
| C:\xampp\apache\logs\error.log |
til' CTF WIN