Share
## https://sploitus.com/exploit?id=4577E4E8-F771-5813-AF41-97AF530115DB
# LFI Exploitation โ€“ DVWA Lab

## ๐Ÿ“Œ Overview
This project demonstrates a **Local File Inclusion (LFI)** vulnerability exploited in a **DVWA (Damn Vulnerable Web Application)** lab environment for educational purposes.

The attack chain includes:
- LFI identification
- Sensitive file disclosure
- `/proc/self/environ` exploitation
- User-Agent injection via Burp Suite
- Reverse shell execution

---

## ๐Ÿงช Lab Environment
- Application: DVWA
๐Ÿ“ธ *Sensitive system files were successfully exposed.*

---

### 2๏ธโƒฃ Sensitive File Disclosure (LFI)
Using directory traversal, system files were accessed:
- `/etc/passwd`
- `/proc/self/environ`

๐Ÿ“ธ *PHP version and environment details were disclosed.*

---

### 3๏ธโƒฃ User-Agent Injection (Burp Suite)
- HTTP traffic was intercepted using Burp Suite
- A malicious payload was injected into the **User-Agent** header
- The request was forwarded to the server

๐Ÿ“ธ *Payload execution confirmed via LFI.*

---

### 4๏ธโƒฃ Reverse Shell Execution
After triggering the injected payload through LFI, a reverse shell was obtained on the attacker machine.

๐Ÿ“ธ *Successful shell access in DVWA lab.*

---

## ๐Ÿ›ก๏ธ Impact
- Sensitive information disclosure
- Remote Code Execution
- Full system compromise (lab environment)

---

## ๐Ÿ” Mitigation
- Proper input validation
- Avoid dynamic file inclusion
- Disable verbose error reporting
- Web server hardening

---

## โš ๏ธ Disclaimer
This project is strictly for **educational and ethical purposes only**.  
All testing was done on DVWA in a controlled lab environment.

---

Salik Karimkhan  
Cybersecurity | Penetration Testing

- Server-side Language: PHP
- OS: Linux
- Tools Used: Browser, Burp Suite

> โš ๏ธ All testing was performed in a controlled lab environment.

---

## ๐Ÿ” Step-by-Step Exploitation

### 1๏ธโƒฃ Vulnerable Parameter Identification
The `page` parameter was found vulnerable to file inclusion.

Example:
page=../../../../etc/passwd