I am currently doing a CTF and everything here is part of it.
I have found an LFI vulnerability in a website that allows me to download files on both the C drive and D drive. The D drive contains content relevant to the website however no jsp (the site uses jsp) scripts that I can download which could contain useful information.
I found a way to read the D drive using the exploit and have gathered several config files. I attempted to access what I believed to be the website root directory at C:/inetpub/wwwroot and it contains an iisstart.htm file however there is nothing related to the actual site.
Is there a config, log or any kind of file on the system which may give me more information as to where the website root is? Maybe I'm missing a config file or it could be located in a log? I have even downloaded and checked files such as lnk files to see if it contains useful paths.
[link] [comments]
from hacking: security in practice https://ift.tt/3eNgxEN
Comments
Post a Comment