• The idea is to include the information of files u add from another file that u have
• Path traversal is to traverse between files, say u in a web site by default in folder /var/www/html, and what u make is saved in file lets call it (User Input), now i want to go to the root directory so we do it by going /../../.. and the (User Input) so the file u in now is the root and data is saved in the root directory

Local File Inclusion

• include files in the same website

• Functions in php that makes u execute commands

  include
  include_once
  require
  require_once
  

• u might include a file without extension, and the website takes the file and add the extension and run the content

• u might include file without extension and the website takes the file’s data and execute it as a php for example

Remote file Inclusion

• include files from other website, this is less common to be found

Local File Download (LFD) / Reflected File Download

• Same as LFI, but instead of reading the file or include it, its being downloaded on ur device

Back to LFI

• the website might have in its response a file included, this file field can be change and tested for other files like /etc/passwd and more. This filed also can be used to review the source code using LFI php filters like this

  • https://book.hacktricks.xyz/pentesting-web/file-inclusion

  <http://example.com/index.php?page=../../../etc/passwd>
  php://filter/convert.base64-encode/resource=profile.php
  <http://example.com/index.php?page=....//....//....//etc/passwd>
  <http://example.com/index.php?page=>....\\/....\\/....\\/etc/passwd
  <http://some.domain.com/static/%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc/passwd>
  

• Introduction

• Local File Inclusion (LFI)

• Basic Bypasses

• PHP Filters

• PHP Wrappers

• Remote File Inclusion (RFI)

• LFI and File Uploads