Questions and Answers

by ferminsr in Challenge Help about August 25, 2016 closed

Basic 30: local file inclusion

Hi,
I have been lost on this one for a long time, so a tip would be very appreciated.
I have managed to use the variable $page to display the files in the subfolder "pages".
What I can't manage to do is to use this variable for directory traversal. I have tried to avoid the possible filters by doing what is mentioned in this article:

https://www.enigmagroup.org/blogs/1/111/local-file-inclusion-lfi

I assume that I must look for log info, as suggested in this other article:

https://www.enigmagroup.org/blogs/3/96/lfi-apache-log-poisoning


I have also read many other articles about Local File Inclusion, without any luck. Any tip on what I am missing, or pointing me to other resources would help very much.
Thanks in advance!

PS: I'm not sure if I'm spoiling the challenge with this question, so sorry if I am and please remove the question in that case.

Answer: 1 • Score 0 • Views: 1769

    by coyote86 about August 30, 2016 Best answer

    What helps me when I'm doing LFIs is to start with the basics.
    Have you checked robots in the base directory? (not always relevant, but a good place to start)

    What file / directory structure have you discovered thus far? (I usually keep notes on this as I go)
    What is the error on the page specifically telling you? (e.g., 'folder/ $phpVariable')
    How can you use that error?

    Have you followed all the links on the page? (Do they reveal anything about the file structure?)

    If you get any forbidden errors how do they relate to how a web server is constructed? (e.g., what do web servers use to restrict access?)

    Message me if you are still stuck. Also, you're barking up the wrong tree with filters (this is the first VarManip mission, think way more basic).
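As an added illustration of the include pattern the question describes (a `$page` parameter appended to a `pages/` prefix) and of the answer's point that this mission is about basic variable manipulation rather than filter bypass, the PHP below is example code written for this page, not the challenge's own source. It shows the vulnerable concatenation next to a hardened version. The directory name `pages`, the `.php` suffix, the allowlisted page names and the sample inputs in the CLI demo are all assumptions.

```php
<?php
// Added example (not the challenge's code). Directory name, suffix and
// page names are assumptions for illustration.

// --- Vulnerable: the request parameter is glued straight into the path.
// ?page=about                 -> pages/about.php            (intended)
// ?page=../index              -> pages/../index.php         (leaves pages/)
// ?page=../../../../etc/passwd -> pages/../../../../etc/passwd.php
//     The trailing ".php" only got in the way on old PHP, where a %00 in
//     the parameter truncated the string (fixed in PHP 5.3.4).
function include_page_vulnerable(string $page): string
{
    return 'pages/' . $page . '.php';
}

// --- Hardened: explicit allowlist plus realpath containment.
// Returns the absolute path to include, or null if the request is rejected.
function resolve_page_safe(string $page, string $pagesDir): ?string
{
    // 1. Only names we know about (assumed allowlist).
    $allowed = ['home', 'about', 'contact'];
    if (!in_array($page, $allowed, true)) {
        return null;
    }

    // 2. Even so, verify the resolved file really sits under $pagesDir, so a
    //    careless future edit to the allowlist cannot reintroduce traversal.
    $base   = realpath($pagesDir);
    $target = realpath($pagesDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $target === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the pages directory
    }
    return $target;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs for a quick demonstration from the command line.
    foreach (['about', '../index', '../../../../etc/passwd'] as $p) {
        printf("%-26s vulnerable -> %s\n", $p, include_page_vulnerable($p));
        printf("%-26s hardened   -> %s\n", $p,
            resolve_page_safe($p, __DIR__ . '/pages') ?? 'rejected');
    }
} else {
    // Web entry point: the hardened resolver decides what gets included.
    $page = $_GET['page'] ?? 'home';
    $file = resolve_page_safe($page, __DIR__ . '/pages');
    if ($file === null) {
        http_response_code(404);
        exit('Unknown page');
    }
    include $file;
}
```

Run it with `php thisfile.php` to see how each input resolves; the hardened resolver reports `rejected` for anything not in the allowlist, and for allowlisted names it only returns a path once `realpath` confirms the file exists under `pages/`. The two checks are deliberately redundant: the allowlist is the real control, the containment check is a safety net for when someone later "just adds one more page".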


Question was closed.