Tag: lfi

PwnLab write-up: Init (Vulnhub): LFI with wrappers, file upload for RCE and escalation via SUID/PATH and injection in echo.

Crimestoppers write-up (HackTheBox): high-level Linux machine that exploits LFI with PHP wrappers to read source code, uploads webshell via ZIP wrapper, steals Thunderbird credentials, and obtains root access by reversing a rootkit (mod-rootme) or Apache logs.