Give a url pattern, use dollar sign ($) as a placeholder, e.g:
http://example.xxx/$.php (valid)
http://example.xxx/$.asp (valid)
http://example.xxx/$ (valid)
http://example.xxx/news.php (invalid)
LFI /proc/self/environ
You must give url with the variable to check, e.g:
http://example.xxx/news.php?sec=news&id=1 (valid)
http://example.xxx/news.php (invalid)
it is faster when you know which variable is vulnerable to LFI
use dollar sign ($) as a placeholder e.g:
http://example.xxx/news.php?sec=$&id=1 (valid)
http://example.xxx/news.php?sec=../../../../proc/self/environ&id=1 (valid)
