I just did a challenge that was a LFI vuln. I had to switch from a GET request to a POST, but I dont understand what the difference is when dealing with an LFI, or why it would exploit the LFI vuln.
Does anyone have insight or a place I could learn more about this?
This was my payload (If needed): curl -X POST http://10.10.10.10/challenges/chall3.php -d 'method=POST&file=../../../../etc/flag3%00' --output
[link] [comments]
from hacking: security in practice https://ift.tt/GCnEr1h
Comments
Post a Comment