From LFI to RCE!!
Hey guys, in this topic I will talk about an exploitation to change LFI to RCE which has a high impact.
What is LFI? Local file inclusion is a vulnerability in some of the web applications because the website read files from the server but the developer doesn’t filter the input from the user he trusts them :D.
What is RCE? Remote Code execution this is a bug give the attacker permissions to execute a command on the server.
For example when you search on website you found a Local File Inclusion (LFI) this is good but this issue just give you access to the files in the server just files you will get a cool bounty from it but if it’s a Remote code execution (RCE) it will be awesome Bounty so now every server has a log files this files save any request to the website with the path and User-Agent and sometimes the Referer value we will use this file access.log you just will do some brute force to know the path of this file or any logs file now when you know the path of this file you should open it with LFI bug it will be like that

