RFI & LFI Exploitation on bWAPP

Cambria Kinkelaar
Mar 27, 2024


In this post, I will be exploiting the Remote and Local File Inclusion section of the Buggy Web Application (bWAPP). This instance of bWAPP was hosted in a Docker container on an Ubuntu VM and will be exploited from a different Kali Linux VM. This section of bWAPP will be exploited on the low security setting.

Upon selecting the RFI & LFI setting and selecting a language, this is what the user will see.

RFI & LFI page after selection of a language

In this case, the URL contains a language parameter whose value is a PHP file. This parameter is what will be used to exploit this page on bWAPP.

To do so, I will replace the PHP file named in the language parameter. Instead of that file, I will direct the website to a different file on the website’s host VM. In this case, my target will be /etc/passwd. To gain access to this file, I will pass “../../etc/passwd” into the language parameter, which will display the contents of the host VM’s /etc/passwd on the web page.

Passing a file through the language parameter

The result of this is shown below.

Result of the file inclusion exploit

As shown above, we were able to successfully exploit the RFI & LFI page on bWAPP.
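For the defensive side of the same issue, here is an added example (not code from bWAPP or from the original post) showing the include pattern that makes the language parameter exploitable next to an allowlist-based fix. The function names, language keys, file names and demo directory are assumptions made for illustration.

```php
<?php
// Added illustration: names, keys and paths below are assumptions, not bWAPP's code.

// Vulnerable pattern: the request value reaches include unchanged, so a value
// such as "../../etc/passwd" resolves to a file outside the intended directory.
function render_language_vulnerable(array $query): void
{
    include $query['language'];
}

// Hardened pattern: the request value is only a key into a fixed map,
// so no part of the file path is ever taken from the request.
const LANGUAGE_FILES = [
    'en' => 'lang_en.php',
    'fr' => 'lang_fr.php',
    'nl' => 'lang_nl.php',
];

function resolve_language_file(array $query, string $baseDir): ?string
{
    $key = $query['language'] ?? '';
    // Rejects arrays (language[]=x), unknown keys and anything path-like.
    if (!is_string($key) || !array_key_exists($key, LANGUAGE_FILES)) {
        return null;
    }
    // Defence in depth: the resolved file must exist inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . LANGUAGE_FILES[$key]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: one real language file in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'lang_en.php', '<?php echo "Hello\n";');

foreach (['en', '../../etc/passwd', 'lang_en.php', 'fr'] as $value) {
    $file = resolve_language_file(['language' => $value], $dir);
    echo str_pad($value, 20), $file === null ? "rejected\n" : "include $file\n";
}
```

Only `en` resolves to a file here; the traversal string, the raw file name and the key whose file does not exist are all rejected. For the remote half of RFI, keeping `allow_url_include` set to `Off` in php.ini stops include from fetching URLs.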
