CTF by example DVWA LFI

Описание: Looking to learn about Capture the Flag challenges. Join me in my series, where I use DVWA so you can learn about some of the more common Vulnerabilities that are used in Linux Capture the Flag (CTF) challenges. In this video I will take a look at LFI (Local File Inclusion).

What is DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

What is LFI
LFI or Local File Inclusion, is a vulnerability where a user can browse file-system files on the remote web-server. This are a few causes for this, sometimes the web developer wants to share the contents of a file to the viewer and presents these contents via PHP into the web page that is being viewed. However if the developer is not careful and include some fail-safes, then a simple modification to the url can result in the remote viewer being able to browse the file system of the web server.

Code for this series is available on my github page: https://github.com/therealtomkraz/dvwa
Blog post on beating with with curl: https://tkcyber.com/index.php/2022/04...
You can find this and many more CTF learning nuggets on my website: https://tkcyber.com
Video of the Installation of DVWA via Docker:    • Installing dvwa with docker  
Blog post about the installation of DVWA: https://tkcyber.com/index.php/2022/03...