Exploiting LFI in Co-Hosting Environment

Local File Inclusion (LFI) vulnerability in a PHP web application can be exploited to the fullest whenever it is possible to upload files into the web server. This paper explores a technique through which a properly implemented file upload module in a co-hosted website can be used for full exploitation of the LFI vulnerability, which can lead to web server control.