pierre Posted July 5, 2017 Share Posted July 5, 2017 Hello, I try to execute command on a server from a LFI. According to this article (http://resources.infosecinstitute.com/local-file-inclusion-code-execution/#gref) , I could do it by managing the /proc/self/environ file. But I even can't display his content on the page by requesting: http://192.168.1.1/DVWA/vulnerabilities/fi/?page=/proc/self/environ It appears that the rights associated are : - r-- --- --- 1 test test 0 So it is normal that www-data can't see it, no ? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.