Web Hacking Premium

Local & Remote File Inclusion (LFI/RFI)

How one user-controlled string passed to include() turns into file disclosure, log poisoning and full RCE. Every angle: path traversal, PHP wrappers (php://filter, php://input, data://, expect://, phar://), log-poisoning chains (access.log, error.log, /proc/self/environ, session files, mail log), the filter bypasses, RFI vs LFI, real incidents, and per-language defences (PHP/Python/Java/Node/Ruby/.NET).

Related Articles

Related Cheatsheets

4
exploitation

John the Ripper — Password Cracking

John the Ripper — versatile password cracker with hash extraction helpers for common file …

212 views
web-pentest

WPScan — WordPress Security Scanner

WPScan is a WordPress security scanner for finding vulnerabilities, weak passwords, and ex…

149 views
web-pentest

Gobuster — Directory & DNS Brute Force

Gobuster — fast brute-forcing tool for directories, DNS subdomains, virtual hosts, and S3 …

134 views
web-pentest

Burp Suite — Web Application Testing Proxy

Burp Suite CLI tools and key workflows for web application security testing.

115 views

Related Courses

2
Intermediate

Web Application Penetration Testing

Master web hacking from recon to reporting

30 · 9.3h
Intermediate

Bug Bounty Hunting — From Recon to Bounty

The practical playbook for finding real bugs on real targets. Recon methodology, vulnerabi…

0 · 7.2h