Nytro Posted January 9, 2017 Report Posted January 9, 2017 Web Application Penetration Testing Local File Inclusion (LFI) Testing Techniques Jan 04, 2017, Version 1.0 ©2017 – Aptive Consulting Ltd This document and the templates used in its production are the property of Aptive Consulting Ltd and cannot be copied (both in full or in part) without the permission of Aptive Consulting Ltd. While precautions have been taken in the preparation of this document, Aptive Consulting Ltd the publisher, and the author(s) assume no responsibility for errors, omissions, or for damages resulting from the use of the information contained herein. The information herein is provided for educational and informative purposes only, Aptive Consulting Ltd the publisher and author(s) take no responsibility or liability for the actions of others. 2 | A p t i v e phone: +44 (0)3333 440 831 | email: contact@aptive.co.uk | web: https://www.aptive.co.uk Introduction The intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future penetration testing engagements by consolidating research for local file inclusion LFI penetration testing techniques. LFI vulnerabilities are typically discovered during web app penetration testing using the techniques contained within this document. Additionally, some of the techniques mentioned in this paper are also commonly used in CTF style competitions. Download: https://www.exploit-db.com/docs/40992.pdf Quote