## https://sploitus.com/exploit?id=4577E4E8-F771-5813-AF41-97AF530115DB
# LFI Exploitation โ DVWA Lab
## ๐ Overview
This project demonstrates a **Local File Inclusion (LFI)** vulnerability exploited in a **DVWA (Damn Vulnerable Web Application)** lab environment for educational purposes.
The attack chain includes:
- LFI identification
- Sensitive file disclosure
- `/proc/self/environ` exploitation
- User-Agent injection via Burp Suite
- Reverse shell execution
---
## ๐งช Lab Environment
- Application: DVWA
๐ธ *Sensitive system files were successfully exposed.*
---
### 2๏ธโฃ Sensitive File Disclosure (LFI)
Using directory traversal, system files were accessed:
- `/etc/passwd`
- `/proc/self/environ`
๐ธ *PHP version and environment details were disclosed.*
---
### 3๏ธโฃ User-Agent Injection (Burp Suite)
- HTTP traffic was intercepted using Burp Suite
- A malicious payload was injected into the **User-Agent** header
- The request was forwarded to the server
๐ธ *Payload execution confirmed via LFI.*
---
### 4๏ธโฃ Reverse Shell Execution
After triggering the injected payload through LFI, a reverse shell was obtained on the attacker machine.
๐ธ *Successful shell access in DVWA lab.*
---
## ๐ก๏ธ Impact
- Sensitive information disclosure
- Remote Code Execution
- Full system compromise (lab environment)
---
## ๐ Mitigation
- Proper input validation
- Avoid dynamic file inclusion
- Disable verbose error reporting
- Web server hardening
---
## โ ๏ธ Disclaimer
This project is strictly for **educational and ethical purposes only**.
All testing was done on DVWA in a controlled lab environment.
---
Salik Karimkhan
Cybersecurity | Penetration Testing
- Server-side Language: PHP
- OS: Linux
- Tools Used: Browser, Burp Suite
> โ ๏ธ All testing was performed in a controlled lab environment.
---
## ๐ Step-by-Step Exploitation
### 1๏ธโฃ Vulnerable Parameter Identification
The `page` parameter was found vulnerable to file inclusion.
Example:
page=../../../../etc/passwd