LFI and RFI (local and remote file inclusion) are commonly found in poorly written PHP code. They allow an attacker to include a local or remote PHP file in the PHP code running on the web server. Exploitation of this vulnerability depends on the PHP version and the web server configuration. RFI allows an attacker to introduce their own PHP code to the web server. LFI limits the attacker to including files that already exist on the web server.
DVWA
Original URL: http://localhost/vulnerabilities/fi/?page=file1.php
robots.txt: http://localhost/vulnerabilities/fi/?page=../../robots.txt
phpinfo.php: http://localhost/vulnerabilities/fi/?page=../../phpinfo.php
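
The requests above work because the page parameter reaches include unchecked. The following is an added example, not DVWA's own source: it shows that pattern in a comment and a hardened handler beside it. PAGE_DIR, ALLOWED_PAGES, resolve_page() and the file names other than file1.php are assumptions made for the illustration.

```php
<?php
// Vulnerable pattern: the request parameter flows straight into include,
// so "../../robots.txt" resolves outside the intended directory:
//     include $_GET['page'];

// Assumed layout: includable pages live in ./pages next to this script.
const PAGE_DIR = __DIR__ . '/pages';
// file1.php is from the URLs above; the other names are assumed.
const ALLOWED_PAGES = ['file1.php', 'file2.php', 'file3.php'];

/**
 * Return the absolute path that may be included, or null to reject.
 */
function resolve_page(string $requested): ?string
{
    // 1. Exact allow-list match. This rejects traversal sequences,
    //    absolute paths and wrappers (http://, php://) in one step.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }

    // 2. Defence in depth: canonicalise the path and confirm it is
    //    still inside PAGE_DIR (covers symlinks pointing elsewhere).
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// ?page[]=x makes $_GET['page'] an array, so check the type first.
$raw  = $_GET['page'] ?? 'file1.php';
$page = is_string($raw) ? resolve_page($raw) : null;

if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;

// php.ini: keeping allow_url_include = Off stops include from fetching
// remote URLs, which is the configuration dependency noted for RFI.
```

With this handler, the robots.txt and phpinfo.php requests listed above return 404 because neither value is an exact match in the allow-list.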