Saturday, 21 December 2013

Zee Cinema is Vulnerable to LFI(local file inclusion) + iframe Injection.

Local File Inclusion (LFI) is a type of vulnerability which is mostly found in websites. It allows hacker to include a local file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.  LFI Vulnerability allows an attacker to add any local file to Website Server through script. LFI is very dangerous vulnerability which can lead to website Defacement, Command Execution and many more........

Here are some of the common parameters which are vulnerable to local file inclusion or remote file inclusion attacks

read.html?link=
index.php?homepage=index.php?

page=index.php?index2=

But recent days I was testing Zee Cinema for vulnerabilities and i found that it is vulnerable to local file inclusion.









Enjoy!!!!!!!!!!!!!

No comments:

Post a Comment