PRIMARY CATEGORY → LFI
Input Filters
If a .php string is always appended to the value of the page parameter, we are restricted to reading the content of PHP scripts.
However, if the vulnerable function evaluates the included PHP file, the script is executed instead of displayed and we cannot read its source code directly. In that case we can leverage the convert PHP filter to retrieve a base64 string corresponding to the content of the given PHP script.
Conversion Filters
base64-encode
Structure
php://filter/convert.base64-encode/resource=<RESOURCE>
Payload
?page=php://filter/convert.base64-encode/resource=config
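Detection side of the payload above, as an added example that is not part of the original notes: a log scanner that flags query parameters whose value starts with a stream wrapper and breaks a php://filter value into its filter chain and target resource. The access-log lines are constructed samples, and the combined log format and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Stream-wrapper schemes that should never open a request parameter value.
WRAPPER_RE = re.compile(r"(php|data|expect|phar|zip|file)://", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=config HTTP/1.1" 200 1840',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=PHP%253A%252F%252Ffilter%252Fread%253Dconvert.base64-encode%252Fresource%253Dconfig HTTP/1.1" 200 1840',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so a doubly encoded scheme is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def parse_filter(value):
    """Split php://filter/<chain>/resource=<target> into (filters, resource)."""
    body = value[len("php://filter/"):]
    chain, _, resource = body.partition("resource=")
    filters = [f for seg in chain.strip("/").split("/")
               for f in seg.split("=")[-1].split("|") if f]
    return filters, resource

def scan_line(line):
    """Return findings for every query parameter that starts with a wrapper."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    findings = []
    for name, raw in parse_qsl(m.group(1).partition("?")[2], keep_blank_values=True):
        value = fully_decode(raw).strip()
        if not WRAPPER_RE.match(value):
            continue
        filters, resource = [], None
        if value.lower().startswith("php://filter/"):
            filters, resource = parse_filter(value)
        findings.append({"param": name, "value": value,
                         "filters": filters, "resource": resource})
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in scan_line(line):
            print(hit)
```

A hit on convert.base64-encode paired with a 200 response and an unusually large body is worth correlating, since the encoded source of the included script is returned in the response.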