Php

Daftar Isi Bab 1 — Dasar Path Traversal & LFI 1.1 Apa itu Path Traversal / Directory Traversal 1.2 Apa itu LFI (Local File Inclusion) 1.3 Mengapa Terjadi — Root Cause 1.4 Basic Payloads 1.5 File Target Utama di Linux 1.6 File Target Utama di Windows 1.7 Parameter yang Sering Rentan 1.8 Dorking: Google / Shodan / FOFA 1.9 Tools Discovery Bab 2 — Bypass Techniques 2.1 URL Encoding 2.2 Double Encoding 2.3 Null Byte Injection 2.4 Path Normalization Bypass 2.5 Unicode / UTF-8 Encoding 2.6 PHP Wrapper Abuse 2.7 WAF Bypass Techniques 2.8 OS-Specific Tricks 2.9 Wordlist & Burp Intruder Setup Bab 3 — LFI to RCE 3.1 Log Poisoning — Apache / Nginx 3.2 Log Poisoning — SSH Auth Log 3.3 Log Poisoning — Mail Log 3.4 /proc/self/environ 3.5 /proc/self/fd/ Technique 3.6 PHP Session File Inclusion 3.7 Uploaded File Inclusion 3.8 PHP Wrappers to RCE 3.9 XSLT Injection via PHP 3.10 XXE (XML External Entity) Injection 3.11 RCE Checklist Bab 4 — Target-Specific Cases 4.1 PHP — Laravel 4.2 PHP — WordPress 4.3 PHP — Joomla & Drupal 4.4 Java / Tomcat 4.5 Node.js 4.6 Python / Flask / Django 4.7 Nginx Alias Traversal 4.8 Apache Misconfiguration 4.9 IIS / Windows Specific 4.10 API Endpoints (REST & GraphQL) 4.11 SSRF + LFI Chain — Cloud Metadata 4.12 CVE Reference Bab 5 — Post-Exploitation via Path Traversal 5.1 Credential Extraction 5.2 Source Code Disclosure 5.3 SSH Key & Private Key Theft 5.4 Lateral Movement dari File Read 5.5 Chaining LFI ke RCE ke Shell 5.6 Checklist Ringkasan Bab 1 — Dasar Path Traversal & LFI 1.1 Apa itu Path Traversal / Directory Traversal Path traversal (directory traversal) adalah vulnerability di mana input dari user dipakai dalam operasi file tanpa sanitasi yang benar, sehingga attacker bisa navigasi keluar dari direktori yang seharusnya menggunakan sequence ../: ...