# Local / Remote File Inclusion (LFI / RFI)

**Blogs / Articles:**

* [LFI to RCE via access\_log injection](https://medium.com/@p4c3n0g3/lfi-to-rce-via-access-log-injection-88684351e7c0)\
  [LFI to shell - Exploiting Apache access log](https://roguecod3r.wordpress.com/2014/03/17/lfi-to-shell-exploiting-apache-access-log/)
* <https://medium.com/@aniltom/magic-of-the-back-slash-d868e66b532a>
* <https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1>
* Local File Disclosure using SQL Injection by[@IndiShell1046](https://twitter.com/IndiShell1046) [https://dl.packetstormsecurity.net/papers/attack/lfd-via-sql-inj.pdf](https://t.co/JYfNDEjoxC?amp=1)

**Tools:**

* <https://github.com/D35m0nd142/LFISuite>