ian-hickey/RPFI

Most basic example of Relative Path File Injection.

* Requires Docker

Run the following commands:

`docker build -t rpfi .` (only needed the first time)

`docker run -d -p 80:80 -v $(pwd):/var/www/html --name rpfi rpfi` (this starts the app)

Navigate to: localhost/vulnerablepdf.php

Click the download link. A harmless PDF is downloaded from the server.

Add a forward slash to the URL:

localhost/vulnerablepdf.php/

Click the same link. Now a different PDF is downloaded, and it executes JavaScript.
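
The README does not show the page's markup. Assuming the download link is a path-relative `href` (as the technique's name suggests), the added example below, which is not code from this repository, resolves each link against the page URL with and without the trailing slash and flags the ones whose target moves underneath the script. The function names and sample hrefs are hypothetical.

```javascript
// Added example. Constructed sample hrefs; the demo's real markup is not shown on the page.
const PAGE = "http://localhost/vulnerablepdf.php";
const SAMPLE_HREFS = [
  "harmless.pdf",                  // path-relative
  "./docs/harmless.pdf",           // path-relative
  "/harmless.pdf",                 // root-relative
  "http://localhost/harmless.pdf", // absolute
];

// Same page URL with a trailing slash appended to the path (query string preserved).
function withTrailingSlash(pageUrl) {
  const u = new URL(pageUrl);
  if (!u.pathname.endsWith("/")) u.pathname += "/";
  return u.href;
}

// Resolve every href the way a browser would for both forms of the page URL.
function auditLinks(pageUrl, hrefs) {
  const scriptPath = new URL(pageUrl).pathname.replace(/\/+$/, "");
  const slashedBase = withTrailingSlash(pageUrl);
  return hrefs.map((href) => {
    const normal = new URL(href, pageUrl).href;
    const slashed = new URL(href, slashedBase).href;
    // drifts: the link points somewhere else once the slash is added.
    const drifts = normal !== slashed;
    // servedByScript: the new target sits under the script's own path, so a
    // server that accepts extra path info hands the request back to the script.
    const servedByScript =
      drifts && new URL(slashed).pathname.startsWith(scriptPath + "/");
    return { href, normal, slashed, drifts, servedByScript };
  });
}

for (const r of auditLinks(PAGE, SAMPLE_HREFS)) {
  console.log(`${r.drifts ? "FLAG" : "ok  "} ${r.href} -> ${r.slashed}`);
}
```

Flagged links are fixed by emitting root-relative or absolute URLs, or by having the script reject requests that carry extra path info.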

About

This is a repo to house demo code for Relative Path File Injection (Defcon 32)
