php://filter
To return a Base64-encoded file (such as source code):
view.php?page=php://filter/convert.base64-encode/resource=index.php
This reveals otherwise inaccessible PHP source code when decoded.
| Tool | Purpose |
|---|---|
| PHP Include to Shell Char Dict | Generate payloads for LFI filters |
| BurpSuite Repeater | Test file paths interactively |
- Combine with directory traversal (
../../) to reach deeper targets. - Look for
/proc/self/environor/var/log/apache2/access.logfor potential log injection.