Basic Bypasses

The above web application employs more than one filter to avoid LFI exploitation. Try to bypass these filters to read /flag.txt

Step 1 - Access the Web Application

  • Select a language - the vulnerable parameter is language.

Step 2 - Access the flag file on the root directory

  • The application is filtering ../, so let's add ...// to navigate through the directories

And flag retrieved!
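Why stripping ../ in a single pass fails, next to a containment check that does not depend on a blocklist. This is an added example, not code from the challenge application; the function names, the constructed sample input and the temporary base directory are assumptions.

```python
import os
import tempfile


def strip_once(value: str) -> str:
    """Weak filter: one left-to-right pass that deletes each '../' it finds."""
    return value.replace("../", "")


def strip_until_stable(value: str) -> str:
    """Repeat the deletion until no '../' is left (still only a blocklist)."""
    while "../" in value:
        value = value.replace("../", "")
    return value


def resolve_inside(base_dir: str, user_value: str) -> str:
    """Hardened check: canonicalise first, then require the result to stay in base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_value))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target


# Constructed input: the filtered token wrapped inside itself, so deleting
# the inner '../' leaves the outer characters to form a new '../'.
NESTED = ".." + "../" + "/"
SAMPLE = NESTED * 3 + "flag.txt"

if __name__ == "__main__":
    base = tempfile.mkdtemp()  # assumed stand-in for the directory of language files
    filtered = strip_once(SAMPLE)
    print("single pass :", filtered)
    print("until stable:", strip_until_stable(SAMPLE))
    for candidate in ("en.php", filtered, "/flag.txt"):
        try:
            print("allowed :", resolve_inside(base, candidate))
        except ValueError as exc:
            print("rejected:", candidate, "->", exc)
```

Looping the strip removes this particular input, but the containment check is the control to rely on, because it also rejects absolute paths and any encoding that resolves outside the base directory.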
