# Basic Bypass

## Non-recursive path traversal filters

* One of the most basic defences is a search-and-replace filter that simply deletes every occurrence of the substring `../` from the input to block path traversal:
* `$language = str_replace('../', '', $_GET['language']);`
* This filter does not remove `../` recursively: it runs a single time over the input string and never re-applies itself to the output.
* A payload of `....//` therefore gets through: the filter removes only the single `../` it finds, and the characters left behind form a fresh `../`.
* Other payloads that survive the same single pass:
  * `..././`
  * `....\/`
  * `....////`

## Encoding

* Some web filters reject input that contains certain LFI-related characters, such as a dot `.` or a slash `/` used for path traversal.
* These filters can sometimes be bypassed by encoding our input.
* Core PHP filters in version 5.3.4 and earlier were specifically vulnerable to this bypass; it can occasionally also work on newer versions.
* We can URL-encode `../` into `%2e%2e%2f`.
* URL encoding can be done with any online encoder.
* Burp Suite's Decoder can be used to double-encode strings to bypass other filters.

## Approved Paths

* Some applications use a regex to ensure that the file being included lives under a specific path.
* To find approved paths, examine the requests sent by the existing form and note which paths they use.
* We can also fuzz web directories under the same path, or try different ones, until we get a match.
* To bypass this, start the payload with the accepted directory and then use `../` to traverse back to the root.
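The single-pass `str_replace` filter from the first section and a prefix-only "approved path" check, side by side with a canonicalising check that rejects both the `....//` trick and the "approved directory, then `../`" trick. This is an added Python example, not code from the page; `BASE_DIR` and the sample paths are constructed.

```python
from typing import Optional
import posixpath

# Constructed example: the directory the app is meant to serve language files from.
BASE_DIR = "/var/www/html/languages"


def naive_filter(value: str) -> str:
    """Python equivalent of str_replace('../', '', $value): one pass, no re-check."""
    return value.replace("../", "")


def recursive_filter(value: str) -> str:
    """Keep stripping '../' until nothing changes.

    Closes the '....//' hole, but it still reasons about raw text only, so it
    says nothing about encoded input or a path that merely *starts* under the
    approved directory.
    """
    while "../" in value:
        value = value.replace("../", "")
    return value


def prefix_only_check(value: str, approved: str = "languages/") -> bool:
    """Weak 'approved path' check that inspects only the string prefix."""
    return value.startswith(approved)


def resolve_under(base: str, user_path: str) -> Optional[str]:
    """Canonicalise user_path relative to base; reject anything that escapes it.

    Run this on the fully decoded value (what the filesystem will actually
    see), so URL-encoded or double-encoded dots and slashes get no special
    treatment. normpath() is purely lexical: on a real server, resolve the
    result with os.path.realpath() as well so symlinks cannot escape base.
    """
    base = posixpath.normpath(base)
    resolved = posixpath.normpath(posixpath.join(base, user_path))
    if not resolved.startswith(base + "/"):   # absolute paths and '..' escapes fail here
        return None
    return resolved


if __name__ == "__main__":
    print(naive_filter("....//"))        # ../   (filter bypassed)
    print(recursive_filter("....//"))    # ''    (nothing left to include)
    bad = "languages/../../../../../etc/passwd"
    print(prefix_only_check(bad))        # True  (prefix check fooled)
    print(resolve_under(BASE_DIR, bad))  # None  (rejected)
    print(resolve_under(BASE_DIR, "en.php"))
```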

## Appended Extension

* Some web apps append an extension to our input string.