File path traversal, simple case


Laxious

Local File Inclusion (LFI) is a type of web application vulnerability that allows an attacker to trick the application into including files from the server's local file system. It typically arises from improper input validation: a user-controlled value reaches a file inclusion (or file read) mechanism without being checked.

This is the first LFI lab we have to solve. I will test it manually. First turn on FoxyProxy and Burp Suite; you don't need to turn on Intercept.

Use the Site map rather than Intercept. At the top left you will see the site map filter; open it, add images, and apply it. You will see a request like /image?filename=66.jpg (the filename will vary, 66.jpg is just my example). Right-click that request and send it to Repeater.

Next, remove 66.jpg and replace it with ../../../etc/passwd. You might be wondering why I am writing something so weird and alien-looking, but trust me, this works, and I will explain why. Each ../ tells the server to step up one directory, so we are asking it to climb out of the images directory and read /etc/passwd on our behalf. The images should be stored somewhere like /var/www/images/; three ../ from there lands in the root directory, under which /etc/passwd lives. Send the request and let's see the response.

And our lab is solved.
