LFI - Intruder files (Windows,Linux,Logs...)

File Inclusion - Path Traversal/Intruders/BSD-files.txt

@@ -0,0 +1,13 @@
+/usr/pkg/etc/httpd/httpd.conf
+/usr/local/etc/apache22/httpd.conf
+/usr/local/etc/apache2/httpd.conf
+/var/www/conf/httpd.conf
+/var/www/logs/error_log
+/var/www/logs/access_log
+/etc/apache2/httpd2.conf
+/var/apache2/logs/error_log
+/var/apache2/logs/access_log
+/var/log/httpd-error.log
+/var/log/httpd-access.log
+/var/log/httpd/error_log
+/var/log/httpd/access_log

File Inclusion - Path Traversal/Intruders/LFI-LogFileCheck.txt

@@ -1,49 +0,0 @@
-/etc/passwd
-/apache/logs/access.log
-/apache/logs/error.log
-/apache2/logs/error.log
-/apache2/logs/access.log
-/etc/httpd/logs/access.log
-/etc/httpd/logs/access_log
-/etc/httpd/logs/error_log
-/etc/httpd/logs/error.log
-/logs/error.log
-/logs/access.log
-/logs/error_log
-/logs/access_log
-/usr/local/apache/logs/access_log
-/usr/local/apache/logs/access.log
-/usr/local/apache/logs/error_log
-/usr/local/apache/logs/error.log
-/usr/local/apache2/logs/access_log
-/usr/local/apache2/logs/access.log
-/usr/local/apache2/logs/error_log
-/usr/local/apache2/logs/error.log
-/var/log/access_log
-/var/log/access.log
-/var/log/error_log
-/var/log/error.log
-/var/log/apache/access_log
-/var/log/apache/error.log
-/var/log/apache2/access_log
-/var/log/apache2/error.log
-/var/log/httpd/access_log
-/var/log/httpd/error_log
-/var/log/httpd/access_log
-/var/log/httpd/error_log
-/var/www/logs/error_log
-/var/www/logs/error.log
-/var/www/logs/access_log
-/var/www/logs/access.log
-/var/www/mgr/logs/error_log
-/var/www/mgr/logs/error.log
-/var/www/mgr/logs/access_log
-/var/www/mgr/logs/access.log
-/opt/lampp/logs/access_log
-/opt/lampp/logs/access.log
-/opt/lampp/logs/error_log
-/opt/lampp/logs/error.log
-/opt/xampp/logs/access_log
-/opt/xampp/logs/access.log
-/opt/xampp/logs/error_log
-/opt/xampp/logs/error.log

File Inclusion - Path Traversal/Intruders/Linux-files.txt

@@ -0,0 +1,58 @@
+/etc/passwd
+/etc/group
+/etc/hosts
+/etc/motd
+/etc/issue
+/etc/bashrc
+/etc/apache2/apache2.conf
+/etc/apache2/ports.conf
+/etc/apache2/sites-available/default
+/etc/httpd/conf/httpd.conf
+/etc/httpd/conf.d
+/etc/httpd/logs/access.log
+/etc/httpd/logs/access_log
+/etc/httpd/logs/error.log
+/etc/httpd/logs/error_log
+/etc/init.d/apache2
+/etc/mysql/my.cnf
+/etc/nginx.conf
+/opt/lampp/logs/access_log
+/opt/lampp/logs/error_log
+/opt/lamp/log/access_log
+/opt/lamp/logs/error_log
+/proc/self/environ
+/proc/version
+/proc/cmdline
+/proc/mounts
+/proc/config.gz
+/root/.bashrc
+/root/.bash_history
+/root/.ssh/authorized_keys
+/root/.ssh/id_rsa
+/root/.ssh/id_rsa.keystore
+/root/.ssh/id_rsa.pub
+/root/.ssh/known_hosts
+/usr/local/apache/htdocs/index.html
+/usr/local/apache/conf/httpd.conf
+/usr/local/apache/conf/extra/httpd-ssl.conf
+/usr/local/apache/logs/error_log
+/usr/local/apache/logs/access_log
+/usr/local/apache/bin/apachectl
+/usr/local/apache2/htdocs/index.html
+/usr/local/apache2/conf/httpd.conf
+/usr/local/apache2/conf/extra/httpd-ssl.conf
+/usr/local/apache2/logs/error_log
+/usr/local/apache2/logs/access_log
+/usr/local/apache2/bin/apachectl
+/usr/local/etc/nginx/nginx.conf
+/usr/local/nginx/conf/nginx.conf
+/var/apache/logs/access_log
+/var/apache/logs/access.log
+/var/apache/logs/error_log
+/var/apache/logs/error.log
+/var/log/apache/access.log
+/var/log/apache/access_log
+/var/log/apache/error.log
+/var/log/apache/error_log
+/var/log/httpd/error_log
+/var/log/httpd/access_log

File Inclusion - Path Traversal/Intruders/Logs-files.txt

@@ -0,0 +1 @@
+71

File Inclusion - Path Traversal/Intruders/Mac-files.txt

@@ -0,0 +1,6 @@
+/etc/apache2/httpd.conf
+/Library/WebServer/Documents/index.html
+/private/var/log/appstore.log
+/var/log/apache2/error_log
+/var/log/apache2/access_log
+/usr/local/nginx/conf/nginx.conf

File Inclusion - Path Traversal/Intruders/Web-files.txt

@@ -0,0 +1,13 @@
+/robots.txt
+/humans.txt
+/style.css
+/configuration.php
+wp-login.php
+wp-admin.php
+/wp-content/plugins
+/include/config.php
+/inc/config.php
+/include/mysql.php
+/inc/mysql.php
+/sites/defaults/settings.php
+/phpmyadmin/changelog.php

File Inclusion - Path Traversal/Intruders/Windows-files.txt

@@ -0,0 +1,212 @@
+C:/$recycle.bin/s-1-5-18/desktop.ini
+C:/apache2/log/access.log
+C:/apache2/log/access_log
+C:/apache2/log/error.log
+C:/apache2/log/error_log
+C:/apache2/logs/access.log
+C:/apache2/logs/access_log
+C:/apache2/logs/error.log
+C:/apache2/logs/error_log
+C:/apache/log/access.log
+C:/apache/log/access_log
+C:/apache/log/error.log
+C:/apache/log/error_log
+C:/apache/logs/access.log
+C:/apache/logs/access_log
+C:\apache\logs\access.log
+C:/apache/logs/error.log
+C:/apache/logs/error_log
+C:\apache\logs\error.log
+C:/apache/php/php.ini
+C:/boot.ini
+C:\boot.ini
+C:/documents and settings/administrator/desktop/desktop.ini
+C:/documents and settings/administrator/ntuser.dat
+C:/documents and settings/administrator/ntuser.ini
+C:/home2/bin/stable/apache/php.ini
+C:/home/bin/stable/apache/php.ini
+C:/inetpub/logs/logfiles
+C:/inetpub/wwwroot/global.asa
+C:/inetpub/wwwroot/index.asp
+C:/inetpub/wwwroot/web.config
+C:/log/access.log
+C:/log/access_log
+C:/log/error.log
+C:/log/error_log
+C:/log/httpd/access_log
+C:/log/httpd/error_log
+C:/logs/access.log
+C:/logs/access_log
+C:/logs/error.log
+C:/logs/error_log
+C:/logs/httpd/access_log
+C:/logs/httpd/error_log
+C:/MININT/SMSOSD/OSDLOGS/VARIABLES.DAT
+C:/mysql/bin/my.ini
+C:/mysql/data/hostname.err
+C:/mysql/data/mysql.err
+C:/mysql/data/mysql.log
+C:/mysql/my.cnf
+C:/mysql/my.ini
+C:\nginx-1.7.4\conf\nginx.conf
+C:\nginx-1.7.4\nginx.conf
+C:/opt/xampp/logs/access.log
+C:/opt/xampp/logs/access_log
+C:/opt/xampp/logs/error.log
+C:/opt/xampp/logs/error_log
+C:/php4/php.ini
+C:/php4/sessions/
+C:/php5/php.ini
+C:/php5/sessions/
+C:/php/php.ini
+C:/php/sessions/
+C:/program files/apache group/apache2/conf/httpd.conf
+C:/program files/apachegroup/apache2/conf/httpd.conf
+C:/programfiles/apachegroup/apache2/conf/httpd.conf
+C:/program files/apache group/apache/conf/httpd.conf
+C:/program files/apachegroup/apache/conf/httpd.conf
+C:/programfiles/apachegroup/apache/conf/httpd.conf
+C:/program files/apache group/apache/logs/access.log
+C:/program files/apache group/apache/logs/error.log
+C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf
+C:\Program Files\Apache Software Foundation\Apache2.2\logs\access.log
+C:\Program Files\Apache Software Foundation\Apache2.2\logs\error.log
+C:/program files/filezilla server/filezilla server.xml
+C:/program files/mysql/data/hostname.err
+C:/program files/mysql/data/mysql-bin.log
+C:/program files/mysql/data/mysql.err
+C:/program files/mysql/data/mysql.log
+C:/program files/mysql/my.cnf
+C:/program files/mysql/my.ini
+C:/program files/mysql/mysql server 5.0/data/hostname.err
+C:/program files/mysql/mysql server 5.0/data/mysql-bin.log
+C:/program files/mysql/mysql server 5.0/data/mysql.err
+C:/program files/mysql/mysql server 5.0/data/mysql.log
+C:/program files/mysql/mysql server 5.0/my.cnf
+C:/program files/mysql/mysql server 5.0/my.ini
+C:/program files/mysql/mysql server 5.1/my.ini
+C:/program files (x86)/apache group/apache2/conf/httpd.conf
+C:/program files (x86)/apache group/apache/conf/access.log
+C:/program files (x86)/apache group/apache/conf/error.log
+C:/program files (x86)/apache group/apache/conf/httpd.conf
+C:/program files (x86)/filezilla server/filezilla server.xml
+C:/program files (x86)/xampp/apache/conf/httpd.conf
+C:/program files/xampp/apache/conf/httpd.conf
+C:/programfiles/xampp/apache/conf/httpd.conf
+C:/program files/xampp/apache/conf/httpd.confetc/passwd
+C:/sysprep.inf
+C:/sysprep/sysprep.inf
+C:/sysprep/sysprep.xml
+C:/sysprep.xml
+C:/system32/inetsrv/metabase.xml
+C:/system volume information/wpsettings.dat
+C:/unattended.txt
+C:/unattended.xml
+C:/unattend.txt
+C:/unattend.xml
+C:/users/administrator/desktop/desktop.ini
+C:/users/administrator/ntuser.dat
+C:/users/administrator/ntuser.ini
+C:\wamp\apache2\logs\access.log
+C:\wamp\apache2\logs\access_log
+C:\wamp\apache2\logs\error.log
+C:\wamp\apache2\logs\error_log
+C:\wamp\logs\access.log
+C:\wamp\logs\access_log
+C:\wamp\logs\error.log
+C:\wamp\logs\error_log
+C:/windows/csc/v2.0.6/pq
+C:/windows/csc/v2.0.6/sm
+C:/windows/debug/netsetup.log
+C:/windows/explorer.exe
+C:/windows/iis6.log
+C:/windows/iis6.log (5,6 or 7)
+C:/windows/iis7.log
+C:/windows/iis8.log
+C:/windows/notepad.exe
+C:/windows/panther/setupinfo
+C:/windows/panther/setupinfo.bak
+C:/windows/panther/sysprep.inf
+C:/windows/panther/sysprep.xml
+C:/windows/panther/unattended.txt
+C:/windows/panther/unattended.xml
+C:/windows/panther/unattend/setupinfo
+C:/windows/panther/unattend/setupinfo.bak
+C:/windows/panther/unattend/sysprep.inf
+C:/windows/panther/unattend/sysprep.xml
+C:/windows/panther/unattend.txt
+C:/windows/panther/unattend/unattended.txt
+C:/windows/panther/unattend/unattended.xml
+C:/windows/panther/unattend/unattend.txt
+C:/windows/panther/unattend/unattend.xml
+C:/windows/panther/unattend.xml
+C:/windows/php.ini
+C:/windows/repair/sam
+C:/windows/repair/security
+C:/windows/repair/software
+C:/windows/repair/system
+C:/windows/system32/config/appevent.evt
+C:/windows/system32/config/default.sav
+C:/windows/system32/config/regback/default
+C:/windows/system32/config/regback/sam
+C:/windows/system32/config/regback/security
+C:/windows/system32/config/regback/software
+C:/windows/system32/config/regback/system
+C:/windows/system32/config/sam
+C:/windows/system32/config/secevent.evt
+C:/windows/system32/config/security.sav
+C:/windows/system32/config/software.sav
+C:/windows/system32/config/system
+C:/windows/system32/config/system.sa
+C:/windows/system32/config/system.sav
+C:/windows/system32/drivers/etc/hosts
+C:/windows/system32/eula.txt
+C:/windows/system32/inetsrv/config/applicationhost.config
+C:/windows/system32/inetsrv/config/schema/aspnet_schema.xml
+C:/windows/system32/license.rtf
+C:/windows/system32/logfiles/httperr/httperr1.log
+C:/windows/system32/sysprep.inf
+C:/windows/system32/sysprepsysprep.inf
+C:/windows/system32/sysprep/sysprep.xml
+C:/windows/system32/sysprepsysprep.xml
+C:/windows/system32/sysprepunattended.txt
+C:/windows/system32/sysprepunattended.xml
+C:/windows/system32/sysprepunattend.txt
+C:/windows/system32/sysprepunattend.xml
+C:/windows/system32/sysprep.xml
+C:/windows/system32/unattended.txt
+C:/windows/system32/unattended.xml
+C:/windows/system32/unattend.txt
+C:/windows/system32/unattend.xml
+C:/windows/system.ini
+C:/windows/temp/
+C:/windows/windowsupdate.log
+C:/windows/win.ini
+C:/winnt/php.ini
+C:/winnt/win.ini
+C:/xampp/apache/bin/php.ini
+C:/xampp/apache/conf/httpd.conf
+C:/xampp/apache/logs/access.log
+C:\xampp\apache\logs\access.log
+C:\xampp\apache\logs\access_log
+C:/xampp/apache/logs/error.log
+C:\xampp\apache\logs\error.log
+C:\xampp\apache\logs\error_log
+C:/xampp/filezillaftp/filezilla server.xml
+C:/xampp/filezillaftp/logs
+C:/xampp/filezillaftp/logs/access.log
+C:/xampp/filezillaftp/logs/error.log
+C:/xampp/mercurymail/logs/access.log
+C:/xampp/mercurymail/logs/error.log
+C:/xampp/mercurymail/mercury.ini
+C:/xampp/mysql/data/mysql.err
+C:/xampp/phpmyadmin/config.inc
+C:/xampp/phpmyadmin/config.inc.php
+C:/xampp/phpmyadmin/phpinfo.php
+C:/xampp/php/php.ini
+C:/xampp/sendmail/sendmail.ini
+C:/xampp/sendmail/sendmail.log
+C:/xampp/tomcat/conf/tomcat-users.xml
+C:/xampp/tomcat/conf/web.xml
+C:/xampp/webalizer/webalizer.conf
+C:/xampp/webdav/webdav.txt

File Inclusion - Path Traversal/Intruders/windows-files.txt

@@ -1,192 +0,0 @@
-C:/MININT/SMSOSD/OSDLOGS/VARIABLES.DAT
-c:/$recycle.bin/s-1-5-18/desktop.ini
-c:/apache/log/access.log
-c:/apache/log/access_log
-c:/apache/log/error.log
-c:/apache/log/error_log
-c:/apache/logs/access.log
-c:/apache/logs/access_log
-c:/apache/logs/error.log
-c:/apache/logs/error_log
-c:/apache/php/php.ini
-c:/apache2/log/access.log
-c:/apache2/log/access_log
-c:/apache2/log/error.log
-c:/apache2/log/error_log
-c:/apache2/logs/access.log
-c:/apache2/logs/access_log
-c:/apache2/logs/error.log
-c:/apache2/logs/error_log
-c:/boot.ini
-c:/documents and settings/administrator/desktop/desktop.ini
-c:/documents and settings/administrator/ntuser.dat
-c:/documents and settings/administrator/ntuser.ini
-c:/home/bin/stable/apache/php.ini
-c:/home2/bin/stable/apache/php.ini
-c:/inetpub/logs/logfiles
-c:/inetpub/wwwroot/global.asa
-c:/inetpub/wwwroot/index.asp
-c:/inetpub/wwwroot/web.config
-c:/log/access.log
-c:/log/access_log
-c:/log/error.log
-c:/log/error_log
-c:/log/httpd/access_log
-c:/log/httpd/error_log
-c:/logs/access.log
-c:/logs/access_log
-c:/logs/error.log
-c:/logs/error_log
-c:/logs/httpd/access_log
-c:/logs/httpd/error_log
-c:/mysql/bin/my.ini
-c:/mysql/data/hostname.err
-c:/mysql/data/mysql.err
-c:/mysql/data/mysql.log
-c:/mysql/my.cnf
-c:/mysql/my.ini
-c:/opt/xampp/logs/access.log
-c:/opt/xampp/logs/access_log
-c:/opt/xampp/logs/error.log
-c:/opt/xampp/logs/error_log
-c:/php/php.ini
-c:/php/sessions/
-c:/php4/php.ini
-c:/php4/sessions/
-c:/php5/php.ini
-c:/php5/sessions/
-c:/program files (x86)/apache group/apache/conf/access.log
-c:/program files (x86)/apache group/apache/conf/error.log
-c:/program files (x86)/apache group/apache/conf/httpd.conf
-c:/program files (x86)/apache group/apache2/conf/httpd.conf
-c:/program files (x86)/filezilla server/filezilla server.xml
-c:/program files (x86)/xampp/apache/conf/httpd.conf
-c:/program files/apache group/apache/conf/httpd.conf
-c:/program files/apache group/apache/logs/access.log
-c:/program files/apache group/apache/logs/error.log
-c:/program files/apache group/apache2/conf/httpd.conf
-c:/program files/apachegroup/apache/conf/httpd.conf
-c:/program files/apachegroup/apache2/conf/httpd.conf
-c:/program files/filezilla server/filezilla server.xml
-c:/program files/mysql/data/hostname.err
-c:/program files/mysql/data/mysql-bin.log
-c:/program files/mysql/data/mysql.err
-c:/program files/mysql/data/mysql.log
-c:/program files/mysql/my.cnf
-c:/program files/mysql/my.ini
-c:/program files/mysql/mysql server 5.0/data/hostname.err
-c:/program files/mysql/mysql server 5.0/data/mysql-bin.log
-c:/program files/mysql/mysql server 5.0/data/mysql.err
-c:/program files/mysql/mysql server 5.0/data/mysql.log
-c:/program files/mysql/mysql server 5.0/my.cnf
-c:/program files/mysql/mysql server 5.0/my.ini
-c:/program files/mysql/mysql server 5.1/my.ini
-c:/program files/xampp/apache/conf/httpd.conf
-c:/program files/xampp/apache/conf/httpd.confetc/passwd
-c:/programfiles/apachegroup/apache/conf/httpd.conf
-c:/programfiles/apachegroup/apache2/conf/httpd.conf
-c:/programfiles/xampp/apache/conf/httpd.conf
-c:/sysprep.inf
-c:/sysprep.xml
-c:/sysprep/sysprep.inf
-c:/sysprep/sysprep.xml
-c:/system volume information/wpsettings.dat
-c:/system32/inetsrv/metabase.xml
-c:/unattend.txt
-c:/unattend.xml
-c:/unattended.txt
-c:/unattended.xml
-c:/users/administrator/desktop/desktop.ini
-c:/users/administrator/ntuser.dat
-c:/users/administrator/ntuser.ini
-c:/windows/csc/v2.0.6/pq
-c:/windows/csc/v2.0.6/sm
-c:/windows/debug/netsetup.log
-c:/windows/explorer.exe
-c:/windows/iis6.log
-c:/windows/iis6.log (5,6 or 7)
-c:/windows/iis7.log
-c:/windows/iis8.log
-c:/windows/notepad.exe
-c:/windows/panther/setupinfo
-c:/windows/panther/setupinfo.bak
-c:/windows/panther/sysprep.inf
-c:/windows/panther/sysprep.xml
-c:/windows/panther/unattend.txt
-c:/windows/panther/unattend.xml
-c:/windows/panther/unattend/setupinfo
-c:/windows/panther/unattend/setupinfo.bak
-c:/windows/panther/unattend/sysprep.inf
-c:/windows/panther/unattend/sysprep.xml
-c:/windows/panther/unattend/unattend.txt
-c:/windows/panther/unattend/unattend.xml
-c:/windows/panther/unattend/unattended.txt
-c:/windows/panther/unattend/unattended.xml
-c:/windows/panther/unattended.txt
-c:/windows/panther/unattended.xml
-c:/windows/php.ini
-c:/windows/repair/sam
-c:/windows/repair/security
-c:/windows/repair/software
-c:/windows/repair/system
-c:/windows/system.ini
-c:/windows/system32/config/appevent.evt
-c:/windows/system32/config/default.sav
-c:/windows/system32/config/regback/default
-c:/windows/system32/config/regback/sam
-c:/windows/system32/config/regback/security
-c:/windows/system32/config/regback/software
-c:/windows/system32/config/regback/system
-c:/windows/system32/config/sam
-c:/windows/system32/config/secevent.evt
-c:/windows/system32/config/security.sav
-c:/windows/system32/config/software.sav
-c:/windows/system32/config/system
-c:/windows/system32/config/system.sa
-c:/windows/system32/config/system.sav
-c:/windows/system32/drivers/etc/hosts
-c:/windows/system32/eula.txt
-c:/windows/system32/inetsrv/config/applicationhost.config
-c:/windows/system32/inetsrv/config/schema/aspnet_schema.xml
-c:/windows/system32/license.rtf
-c:/windows/system32/logfiles/httperr/httperr1.log
-c:/windows/system32/sysprep.inf
-c:/windows/system32/sysprep.xml
-c:/windows/system32/sysprep/sysprep.xml
-c:/windows/system32/sysprepsysprep.inf
-c:/windows/system32/sysprepsysprep.xml
-c:/windows/system32/sysprepunattend.txt
-c:/windows/system32/sysprepunattend.xml
-c:/windows/system32/sysprepunattended.txt
-c:/windows/system32/sysprepunattended.xml
-c:/windows/system32/unattend.txt
-c:/windows/system32/unattend.xml
-c:/windows/system32/unattended.txt
-c:/windows/system32/unattended.xml
-c:/windows/temp/
-c:/windows/win.ini
-c:/windows/windowsupdate.log
-c:/winnt/php.ini
-c:/winnt/win.ini
-c:/xampp/apache/bin/php.ini
-c:/xampp/apache/conf/httpd.conf
-c:/xampp/apache/logs/access.log
-c:/xampp/apache/logs/error.log
-c:/xampp/filezillaftp/filezilla server.xml
-c:/xampp/filezillaftp/logs
-c:/xampp/filezillaftp/logs/access.log
-c:/xampp/filezillaftp/logs/error.log
-c:/xampp/mercurymail/logs/access.log
-c:/xampp/mercurymail/logs/error.log
-c:/xampp/mercurymail/mercury.ini
-c:/xampp/mysql/data/mysql.err
-c:/xampp/php/php.ini
-c:/xampp/phpmyadmin/config.inc
-c:/xampp/phpmyadmin/config.inc.php
-c:/xampp/phpmyadmin/phpinfo.php
-c:/xampp/sendmail/sendmail.ini
-c:/xampp/sendmail/sendmail.log
-c:/xampp/tomcat/conf/tomcat-users.xml
-c:/xampp/tomcat/conf/web.xml
-c:/xampp/webalizer/webalizer.conf
-c:/xampp/webdav/webdav.txt

File Inclusion - Path Traversal/README.md

@@ -337,4 +337,5 @@ login=1&user=admin&pass=password&lang=/../../../../../../../../../var/lib/php5/s
 * [Baby^H Master PHP 2017 by @orangetw](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017)
 * [Чтение файлов => unserialize !](https://rdot.org/forum/showthread.php?t=4379)
 * [New PHP Exploitation Technique - 14 Aug 2018 by Dr. Johannes Dahse](https://blog.ripstech.com/2018/new-php-exploitation-technique/)
-* [It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It, Sam Thomas](https://github.com/s-n-t/presentations/blob/master/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf)
+* [It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It, Sam Thomas](https://github.com/s-n-t/presentations/blob/master/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf)
+* [Local file inclusion mini list - Penetrate.io](https://penetrate.io/2014/09/25/local-file-inclusion-mini-list/)