Local / Remote File Inclusion (LFI / RFI)

References for LFI / RFI

Blogs / Articles:

• LFI to RCE via access_log injection LFI to shell - Exploiting Apache access log

• https://medium.com/@aniltom/magic-of-the-back-slash-d868e66b532a

• https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1

• Local File Disclosure using SQL Injection by@IndiShell1046 https://dl.packetstormsecurity.net/papers/attack/lfd-via-sql-inj.pdf

Tools:

• https://github.com/D35m0nd142/LFISuite