Glossary
LFI (Local File Inclusion)
A web vulnerability where an application includes local files from attacker-influenced paths; can escalate to code execution and a reverse shell.
Local File Inclusion (LFI) is a web vulnerability in which an application
includes a file based on attacker-controlled input, e.g.
?page=../../../../etc/passwd. On its own it discloses files; combined with a
way to control file contents — log poisoning, PHP session files, or php://
wrappers — it escalates to code execution and then a
reverse shell. See "From LFI to reverse shell".
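
The fix for the pattern described above, as an added example that is not part of the original glossary entry: the request value is used only as a key into an allowlist, and the resolved path is checked for containment before it is included. PAGE_DIR, PAGES and resolve_page() are hypothetical names, and the pages/ directory layout is an assumption.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern the entry describes (shown for contrast only):
//   include $_GET['page'];   // ?page=../../../../etc/passwd leaves the app directory

const PAGE_DIR = __DIR__ . '/pages';   // assumed location of includable templates

// Hypothetical allowlist: request value => file name under PAGE_DIR.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a request-supplied page name to a file that is safe to include.
 * Returns null for anything not on the allowlist or outside PAGE_DIR.
 */
function resolve_page(string $requested): ?string
{
    // 1. Allowlist lookup: the user value is only ever a key, never a path,
    //    so "../" sequences and php:// wrappers never reach include.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }

    // 2. Defence in depth: canonicalise and confirm containment, in case a
    //    symlink or a bad allowlist entry points outside PAGE_DIR.
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// ?page[]=x arrives as an array; treat any non-string value as unknown.
$raw  = $_GET['page'] ?? 'home';
$file = resolve_page(is_string($raw) ? $raw : '');
if ($file === null) {
    http_response_code(404);
    exit('Not found');
}
include $file;
```

Rejected values are worth logging: requests carrying `../` or a `php://` scheme in this parameter are a useful detection signal even when the allowlist blocks them.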