Exploiting Local File Inclusion (LFI) Using PHP Wrapper

IN my previous blog related to LFI, I already discussed some basic steps to achieve LFI. Now in this blog I am explaining how we can achieve LFI is there is any input filtration on the server side.

Aim: Our aim is to find admin account password of the website.

There are three tabs in the web application.

· Home

· CV

· Contact

When we click on “home” tab, home variable travel in URL with page parameter. Same…

More from Gupta Bless

Security enthusiast working to secure web for others.

Love podcasts or audiobooks? Learn on the go with our new app.

Try Knowable

About Help Terms Privacy

Exploiting Local File Inclusion (LFI) Using PHP Wrapper

More from Gupta Bless

Recommended from Medium

https://digmobilereview.blogspot.com/2022/01/Moto%20Edge%2020%20Fusion%20Cyber%20Teal%20128%20GB%208

How to Stake (e-Money)NGM Token

The Biggest Threats To Your Website

Future ransomware will attack Trust in your Data, not Access

ACL Configuration

SOLCIAL : A SOLUTION TO SOCIAL NETWORK CENSORSHIP

PUBLIC SALE ON THE CRONOS NETWORK

Value in Cybersecurity

Get the Medium app

Gupta Bless

More from Medium

Lesser Known Web Attacks: Server Side Injection

The Spring Data MongoDB SpEL Expression Injection Vulnerability — CVE-2022–22980

Server-Side Request Forgery (SSRF)

CVE-2021- 41528: Flexera / RISC Networks — Vulnerable Authorization Schema