Introduction

We covered file inclusion vulnerability both local and remote. We also explained methods of bypassing filters. This was part of TryHackMe Junior Penetration Tester.

This room aims to equip you with the essential knowledge to exploit file inclusion vulnerabilities, including Local File Inclusion (LFI), Remote File Inclusion (RFI), and directory traversal. Also, we will discuss the risk of these vulnerabilities if they’re found and the required remediation. We provide some practical examples of each vulnerability as well as hands-on challenges.

In some scenarios, web applications are written to request access to files on a given system, including images, static text, and so on via parameters. Parameters are query parameter strings attached to the URL that could be used to retrieve data or perform actions based on user input.

Get OSCP Certificate Notes

Answers

What function causes path traversal vulnerabilities in PHP?
Give Lab #1 a try to read /etc/passwd. What would the request URI be?

In Lab #2, what is the directory specified in the include function?

Give Lab #3 a try to read /etc/passwd. What is the request look like?

Which function is causing the directory traversal in Lab #4?

Try out Lab #6 and check what is the directory that has to be in the input field?

Try out Lab #6 and read /etc/os-release. What is the VERSION_ID value?
Capture Flag1 at /etc/flag1

Capture Flag2 at /etc/flag2

Capture Flag3 at /etc/flag3

Gain RCE in Lab #Playground /playground.php with RFI to execute the hostname command. What is the output?

Video Walk-through