WAF RULE TESTING (LOCAL FILE INCLUSION VULNERABILITY)

In this blog, we will test a Local File Inclusion (LFI) vulnerability on a vulnerable application with the OWASP CRS and CWAF Ruleset 1.127 (latest version).

Test Scenario

1. Testing LFI attack with OWASP CRS

Include the OWASP CRS in the Apache config:

Filename: REQUEST-930-APPLICATION-ATTACK-LFI
PARANOIA_LEVEL: 1
Rule ID: 930100, 930110, 930120, 930130

Test the following payloads on the xvwa ...
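Added example (not part of the original blog): a small Python check for a rule test run like this one, reporting which of the four rule IDs listed above fired for each request and which never fired. The log lines, URIs and unique_id values are constructed, and the bracketed [id "..."] field layout assumes the ModSecurity v2 format in the Apache error log.

```python
import re
from collections import defaultdict

# Rule IDs named on the page (REQUEST-930-APPLICATION-ATTACK-LFI, paranoia level 1).
RULES_UNDER_TEST = {"930100", "930110", "930120", "930130"}

# ModSecurity v2 appends bracketed key "value" pairs to each error-log entry (assumed layout).
FIELD = re.compile(r'\[(id|uri|unique_id) "((?:[^"\\]|\\.)*)"\]')


def parse_line(line):
    """Return the id/uri/unique_id fields of a ModSecurity log line, or None."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    return fields if {"id", "unique_id"} <= fields.keys() else None


def coverage(log_lines):
    """Map each transaction to the tested rules it triggered; list rules that never fired."""
    per_request = defaultdict(set)
    for line in log_lines:
        rec = parse_line(line)
        # Ignore other rules (for example the anomaly-score rule) so only the LFI set is counted.
        if rec and rec["id"] in RULES_UNDER_TEST:
            per_request[rec["unique_id"]].add(rec["id"])
    fired = set().union(*per_request.values())
    return dict(per_request), sorted(RULES_UNDER_TEST - fired)


# Constructed sample lines, not real log output; client IP, URI and unique_id are made up.
SAMPLE_LOG = [
    '[error] [client 192.0.2.10] ModSecurity: Warning. [file "REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [id "930100"] [uri "/xvwa/test-page"] [unique_id "req-A"]',
    '[error] [client 192.0.2.10] ModSecurity: Warning. [file "REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [id "930110"] [uri "/xvwa/test-page"] [unique_id "req-A"]',
    '[error] [client 192.0.2.10] ModSecurity: Access denied with code 403. [id "949110"] [uri "/xvwa/test-page"] [unique_id "req-A"]',
    '[error] [client 192.0.2.10] ModSecurity: Warning. [file "REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [id "930120"] [uri "/xvwa/test-page"] [unique_id "req-B"]',
    '[notice] Apache configured -- resuming normal operations',
]

if __name__ == "__main__":
    per_request, never_fired = coverage(SAMPLE_LOG)
    for txn, ids in sorted(per_request.items()):
        print(txn, sorted(ids))
    print("rules that never fired:", never_fired)
```

A rule that shows up under "never fired" after the full payload list has been sent is the one to investigate: either no payload exercised it or the rule file was not loaded.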