LFI: Local file inclusion.
After going through many tutorials I have two things I can/t figure out:
- checking the vulnerability: I don't understand what makes a website vulnerable or not. For example, in the stackexchange network itself we can make changes in the url:
https://security.stackexchange.com/questions/ask <-- for asking a question. https://security.stackexchange.com/tags <-- tags
so I can go to any location in the site which means it is vulnerable to LFI, right?
- Is this vulnerability specific to sites run on linux/unix? what if the site doesn't contain /etc/psswd directory would it be vulnerable.(What if there is no such directoryin the site)