Very clear explanation. The odd thing on my end however, is that even on low difficulty, I do not see an included website for RFI like you do on 1:42. Stuff like ../../hackable/flags/fi.php and etc/passwd work just fine, but I do not see an additional website on top like in your video. Any idea why?
after downloading the backdoor, I followed your steps on creating a python server under the local host and even setting the netcat listener to port 1234 but it wont connect or return me a shell. Once I enter the full path on the URL it still loads the same site. Am I doing something wrong here?
The actual files of the server might be only 2 folders into the root folder for example they might just be in /var/dvwa (just guessing) so you only need to specify ../ twice and even if the folder is only 2 folders into the root folder you can pass as many ../ as you want.
@@drewalleman thanks for the answer and I understand what you mean but even if I simply put ?page=/etc/passwd it still works regardless of the path mentioned. The path traversal here doesn't make sense, it should've been 5 times like you did. It works in all situations such as ?page=/etc/passwd, ../etc/passwd, ../../etc/passwd you get the idea.
@@xt355 Hmmm intresting. I understand why the /etc/passwd worked with no "../" in it because you are passing the absolute path to the file (this is typically disabled). But I don't know why it worked with just 2 "../" what security level were you on when you tried this?