Home / Hacking Glossary / LFI

LFI (Local File Inclusion)

A web vulnerability allowing an attacker to include and read local files on the server through manipulated file path parameters, potentially exposing sensitive data or achieving code execution.

vulnerability web
Practice Challenges 1 category
Web Exploitation
View challenges
Related Labs 1 lab
Filter

Filter

Easy Local File Inclusion

Your mission is to bypass restrictive filters and exploit Local File Inclusion (LFI) vulnerabilities. But that's not all???use your skills to escalate into Command Injection. Can you manipulate the input and take full control?

PRO
View all labs →
Active CTF Events 3

SecurityBoat Community CTF Event 2026

Jan 4 - Jan 4, 2026 · 100 players

Bsides Agra CTF 2025

Dec 6 - Dec 7, 2025 · 100 players

Bsides Vizag CTF 2025

Dec 5 - Dec 6, 2025
View all events →
Related Terms 12
Command Injection Cross-Site Request Forgery (CSRF) Cross-Site Scripting (XSS) Directory Traversal IDOR (Insecure Direct Object Reference) Open Redirect RFI (Remote File Inclusion) SQL Injection (SQLi) SSRF (Server-Side Request Forgery) SSTI (Server-Side Template Injection) XML External Entity (XXE) XPath Injection

Ready to learn LFI hands-on?

Put theory into practice with real hacking labs, CTF challenges, and guided courses on Parrot CTFs Events.

Get Started Free