I'm trying to use directory traversal attack against website

450 Views Asked by At

i m trying to pen test a website so if i managed to browse website directories including db config and .php files but whenever opening any .php file nothing show like empty file and every .php file on the website acting the same i cant figure out why

1

There are 1 best solutions below

1
On BEST ANSWER

Maybe, you can read source of php files with using similarly tactik of that;

language= php://filter/read=convert.base64-encode/resource=/etc/passwd

You can suppose language is the vulnerable parameter and you try to read /etc/passwd file. The return a base64 value and you should decode it. You can see the content of and file with this way.