Share this page!

Tushar Verma 🇮🇳 Profile picture
Twitter logo
5 Nov, 5 tweets, 1 min read
If an LFI vulnerability exists, look for these files:

1-Linux system and user files:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/home/user/
/home/user/.ssh
/home/user/bash_history

#bugbounty #bugbountytip #bugbountytips
2-Log files:
/var/log/apache/access.log
/var/log/apache2/access.log
/var/log/httpd/access_log
/var/log/apache/error.log
/var/log/apache2/error.log
/var/log/httpd/error_log
3-CMS configuration files:
WordPress: /var/www/html/wp-config.php
Joomla: /var/www/configuration.php
Dolphin CMS: /var/www/html/inc/header.inc.php
Drupal: /var/www/html/sites/default/settings.php
Mambo: /var/www/configuration.php
PHPNuke: /var/www/config.php
4-Files that may exist on Windows systems:
c:\WINDOWS\system32\eula.txt
c:\boot.ini
c:\WINDOWS\win.ini
c:\WINNT\win.ini
c:\WINDOWS\Repair\SAM
c:\WINDOWS\php.ini
c:\WINNT\php.ini
c:\Program Files\Apache Group\Apache\conf\httpd.conf
c:\Program Files\Apache Group\Apache2\conf\httpd.conf
c:\Program Files\xampp\apache\conf\httpd.conf
c:\php\php.ini
c:\php5\php.ini
c:\php4\php.ini
c:\apache\php\php.ini
c:\xampp\apache\bin\php.ini
c:\home2\bin\stable\apache\php.ini

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Tushar Verma 🇮🇳

Tushar Verma 🇮🇳 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @e11i0t_4lders0n

Tushar Verma 🇮🇳 Profile picture
5 Nov
DevSecOps Automation

1-Static Application Security Testing (SAST)
-SonarQube
-CxSAST (Checkmarx)
-Fortify
-Veracode Static Analysis (Veracode)
2-Software composition analysis (SCA)
-Blackduck
-WhiteSource
-Snyk
-Threatwatch
-CAST Highlight
-Dependency-Track
-Veracode Software Composition Analysis
-Whitehat Sentinel SCA Essentials
3-Dynamic application security testing (DAST)
-Acunetix WVS
-IBM Appscan
-Netsparker
-Burp Suite
Read 7 tweets
Tushar Verma 🇮🇳 Profile picture
4 Nov
AWS Security Best Practices

1-Identify Security Requirements
-Define and Categorize Assets in AWS
-Create Classifications for Data and Applications
2-Deploy Solutions Designed to Solve Cloud Security Challenges
-Manage Cloud Access: Limiting
-Use Cloud-Native Security Solutions
-Protect All Your Perimeters and Segment Everything
-Maintain a Consistent Security Posture Throughout AWS Deployments
-Manage AWS accounts, IAM Users, Groups, and Roles
-Manage Access to Amazon EC2 Instances

3-Protect AWS Workloads
-Implement Cloud Workload Protection for Serverless and Containers
-Implement Proactive Cloud Security
-Define Incident Response Policies and Procedures
Read 4 tweets
Tushar Verma 🇮🇳 Profile picture
28 Sep
File Upload Restriction Bypass Checklist

1-Try various file extensions-Try different versions of the file extensions, for example php3, .php4, .php5, phtml for PHP scripts, asp,aspx

#bugbounty #bugbountytip #bugbountytips
2-Append an extra file extension-If the application is not properly validating for the file extension, this can be exploited by appending another extension, for example from script.php to script.php.gif or script.gif.php
3-Change the casing of the extension-Try different combinations of lower and upper case, for example pHp, PhP, phP, Php etc
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @e11i0t_4lders0n has new unrolls!

Check out other threads from @e11i0t_4lders0n!

Read all threads by @e11i0t_4lders0n

:(