Скачать или смотреть Local File Inclusion/LFI using PHP protocol & wrappers

As last video was about Directory Traversal why not create a video about LFI this time? Also here you can see what a b*tch and how sensitive it can be to get the exploit to work.
Comment if there is anything specific you want to see. Theres for example the final RFI flag in this lab. One admin login bypass lab, one IDOR lab, one SSRF with DNS rebinding lab and one Java Insecure Deserialiaztion lab.

#bugbountytips of the day

1st: if endpoints using GraphQL accepts content-type: x-www-url-encoded, its vulnerable to CSRF

2nd: find self XSS and if theres a web cache mechanism in place do web cache poisoning, just have 2 repeater tabs with same request and use a cachebuster ex ?xxx=123 on both on the one with the self XSS send it untill you get a HIT send in 2nd window and if you get MISS not HIT it willl pop, so from self to stored

3rd: use Google dorks, ex search for site:"x.com" intext:"error" or maybe syntax etc, or ex inurl:"@gmail.com", or ex ext:"bak" or ex pdf, txt etc

4th: in SQL injection context where its ex /user?id=50 try mathematical operations like /user?id=25+25 and see if its same user as user 50

5th: http@0/ refers to localhost in a SSRF scenario

github: https://github.com/a6thmfsin