Techniques¶
Supported LFI Techniques¶
basic |
Classic path traversal using directory sequences like ../. |
php-filter |
Exploits PHP stream wrappers for base64 encoding and filtering bypass. |
log-poisoning |
Injects payloads into web server logs for later inclusion and execution. |
session-poisoning |
Targets PHP session files by injecting malicious data. |
wrapper-ftp |
Uses ftp:// wrappers to include files from remote FTP servers. |
race-condition-lfi |
Employs timing and temporary file race conditions to exploit LFI. |
Run All Techniques¶
To run all supported techniques in a single scan, use:
lfimap -u "http://target/FUZZ" --method all