Nineveh Machine + LFI = Unknown Exploit


This is my first time submitting a discussion and I hope I'm submitting it in the right place and category.

Yesterday when I tried to exploit the Nineveh machine I got stuck on the LFI vulnerability and I noticed something strange in the LFI, and what surprised me more was what I saw in walkthroughs of this machine.

Actually, what I saw is that some people could exploit the LFI with different directory paths. For example:

The original path:

Some people can go to a specific directory path instead of files/ninevehNotes.txt:

Others can do it this way:

Also, by deleting the Files parameter:

For me the last method worked fine while the others did NOT.
How did this happen?
Why didn't the other methods work?

I hope someone can explain it to me; I actually spent all day just trying to understand this part :(

Thanks in advance.


  • Hey there!
    I am also interested to know an explanation for this. I have been stuck for hours on this, trying to trigger my shell.php and nothing works for me yet. Do you have any updates about this?

  • Hi, in the manage.php there is this: "$fileName = basename($file); if(!strpos($file, "ninevehNotes")) exit("No Note is selected."); echo " The only thing that matters is that ninevehNotes appears in your path. If you had created your database with the name ninevehNotes.php, you can circumvent this.
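
The check quoted in the reply above, set beside a stricter path check, as an added example that is not part of the thread or of the machine's manage.php. The function names, the temporary directory layout and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example; weak_check(), resolve_note() and the temp layout are
// assumptions for illustration, not code from the machine's manage.php.

// The check as quoted in the reply. strpos() returns the match offset, so a
// match at offset 0 is falsy and rejected, while any later match passes.
function weak_check(string $file): bool
{
    return (bool) strpos($file, "ninevehNotes");
}

// Stricter form: canonicalise the path and require it to stay inside the
// notes directory, whatever substrings it contains.
function resolve_note(string $baseDir, string $file): ?string
{
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $real === false) {
        return null; // directory or target does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved path escaped the notes directory
    }
    return is_file($real) ? $real : null;
}

// Constructed layout: one note inside files/, one look-alike file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "lfi_demo_" . getmypid();
mkdir($root . "/files", 0700, true);
file_put_contents($root . "/files/ninevehNotes.txt", "note\n");
file_put_contents($root . "/ninevehNotes.php", "outside\n");

// Constructed inputs, interpreted relative to files/.
foreach (["ninevehNotes.txt", "./ninevehNotes.txt", "../ninevehNotes.php"] as $in) {
    printf("%-22s weak=%-5s strict=%s\n", $in,
        var_export(weak_check($in), true),
        resolve_note($root . "/files", $in) === null ? "rejected" : "accepted");
}

// Clean up the constructed files.
unlink($root . "/files/ninevehNotes.txt");
unlink($root . "/ninevehNotes.php");
rmdir($root . "/files");
rmdir($root);
```

The substring test and the canonical-path test disagree in both directions on these inputs, which is why a filter of this kind should compare resolved paths (or use an allowlist of note names) rather than look for a keyword.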

