File Inclusion
medium, 40 min, tryhackme
Master file inclusion vulnerabilities: path traversal to read sensitive files, Local File Inclusion (LFI) with various bypass techniques (null byte injection, double-dot filter bypass, required directory prefix), and Remote File Inclusion (RFI) for remote code execution. Includes 6 progressive labs and 4 challenge flags testing different LFI vectors (GET, POST, Cookie parameters).
Skills You Will Learn
lfi, rfi, path-traversal, null-byte-injection, filter-bypass, php-wrappers
Prerequisites
- thm-walkinganapplication
- web-manual-testing
- browser-devtools
Walkthrough Phases
1. Path Traversal & LFI Concepts
   Understand how file inclusion vulnerabilities work
2. LFI Labs — Progressive Difficulty
   Exploit Local File Inclusion with various bypass techniques
3. Remote File Inclusion
   Understand RFI and how it leads to Remote Code Execution
4. CTF Challenges
   Capture all four flags using different LFI/RFI techniques