search
LinkedInGitHub

Basic Bypasses

hashtag
The above web application employs more than one filter to avoid LFI exploitation. Try to bypass these filters to read /flag.txt

Step 1 - Acess the Web Application

  • Select a language - the vulnerable parameter is language.

Step 2 - Access the flag file on the root directory

  • The application is filtering ../ so lets add ...// to navigate through the directories

And flag retrieved!

PreviousLocal File Inclusion (LFI)NextPHP Filters

Last updated