Ffuf

Identifying the Local File Inclusion (LFI) Vulnerability While working on the skills assessment for the File Inclusion module, I first checked whether the target website was vulnerable to Local File Inclusion (LFI). The website had a query parameter called page in the URL, as shown below: http://<IP>/index.php?page=<page name> When I attempted to traverse directories using relative paths, like ../../../../etc/passwd, I encountered an error message: “Invalid input detected!”. Directory Enumeration with ffuf To explore available pages on the site, I used the ffuf tool to fuzz the directories: ...