File Inclusion

May 18, 2025

Path Traversal

If the input isn’t filtered, we can traverse the directory tree through the path parameter until we reach critical data.

Bypassing LFI Filters

  1. If the website filters out (../), we can bypass the filter by adding (..-../-/). The “-” characters are there only for explanation and are not part of the input.
  2. If the website appends an extension to the end of the path, we can bypass it by adding a null byte (%00 or 0x00).
  3. Focus on input fields and on error messages.
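
The two filter weaknesses listed above, shown from the defender's side as an added example (not code from the original post): a single-pass strip of `../` next to a check that validates the canonical path. `BASE_DIR`, the function names and the sample inputs are assumptions constructed for illustration.

```python
import os

BASE_DIR = "/var/www/app/pages"  # hypothetical document root (assumption)


def is_inside(base: str, target: str) -> bool:
    """True if target, once canonicalized, is base itself or below it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    # commonpath compares whole components, so '/var/www/app/pages_old'
    # is not accepted as a child of '/var/www/app/pages'.
    return os.path.commonpath([base, target]) == base


def naive_include_path(user_path: str) -> str:
    """Weak pattern: strip '../' in one pass, then append an extension."""
    cleaned = user_path.replace("../", "")
    return os.path.join(BASE_DIR, cleaned + ".php")


def safe_include_path(user_path: str) -> str:
    """Hardened form: leave the input unedited and validate the resolved path."""
    if "\x00" in user_path:
        # Reject null bytes outright instead of relying on the appended suffix.
        raise ValueError("null byte in path")
    candidate = os.path.realpath(os.path.join(BASE_DIR, user_path + ".php"))
    if not is_inside(BASE_DIR, candidate):
        raise ValueError("path escapes base directory")
    return candidate


# Constructed sample inputs (not taken from any real request log).
SAMPLES = ["about", "....//....//outside/secret", "../../outside/secret", "about\x00"]

if __name__ == "__main__":
    for s in SAMPLES:
        naive = naive_include_path(s.replace("\x00", ""))
        try:
            verdict = safe_include_path(s)
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"{s!r}\n  naive: {naive} inside={is_inside(BASE_DIR, naive)}\n  safe:  {verdict}")
```

The hardened function never edits the input, so a nested sequence is treated as a literal directory name and stays under the base directory, while the stripped version reassembles into a real `../`.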
