Using the FIMAP tool for file inclusion attacks (RFI/LFI)

In the very first recipe, the Burp Scanner also identified a file path traversal vulnerability. In this recipe, we will learn how to use Fimap to exploit that vulnerability.

Fimap is a Python tool that can help in finding, preparing, auditing and finally exploiting local and remote file inclusion bugs in web applications automatically.

Getting ready

To step through this recipe, you will need the following:

  • Kali Linux running on Oracle VirtualBox/VMware
  • Docker running on Kali Linux
  • Vulnerable Web Application Docker container
  • An Internet connection

How to do it...

For this recipe, you need to perform the following steps:

  1. Open the browser and navigate to http:/dvwa.hackhunt.com/dvwa ...
