-include-..-2f..-2f..-2f..-2froot-2f Work -

GET /index.php?page=-include-..-2F GET /*.php?*-include-* GET /*.*-2Froot-2F

: Improper Limitation of a Pathname to a Restricted Directory Description: -include-..-2F..-2F..-2F..-2Froot-2F

Your request contains a sequence of characters ( -include-..-2F..-2F..-2F..-2Froot-2F ) that resembles a or Local File Inclusion (LFI) payload often used in security testing. In a technical context, this sequence attempts to "escape" a standard web directory and access the "root" folder of a server. GET /index

Securing an application against file traversal requires a defense-in-depth approach. 1. Avoid Direct File Inclusion -include-..-2F..-2F..-2F..-2Froot-2F

http://vulnerable.site/page.php?file=../../../../etc/passwd

Decodes to: -include/../../../../../root/