Scenario

The company INLANEFREIGHT has contracted you to perform a web application assessment against one of their public-facing websites. They have been through many assessments in the past but have added some functionality in a hurry and are particularly concerned about the file inclusion path traversal vulnerabilities.

You’re provided an IP address - find web vulnerabilities pertaining to File Inclusions and submit the flag.

Assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system. Submit the contents of the flag as your answer.

Reconnaissance

Things of Note after basic recon:

• The app will have an LFI/RFI (file inclusion) vulnerability as its the focus of the module’s assessment.
• Nmap shows with high confidence the OS is Linux-based
• PHP 7.3.22
  • This means that PHP functions and therefore filters and wrappers are in play
• Nginx 1.18.0
  • This will change the path to certain things such as log files and config files (the lessons in the module primarily focus on Apache)
• page parameter is the only parameter found on the primary site