Hey, I am not going to write much about this vulnerability. Its pretty straight forward. The web developer has provided you the ability to include any file from the local system or even remote system. So you can be creative and include any file you want to own the system. After watching the video, try this URL just to get the perspective: http://localhost/dvwa/vulnerabilities/fi/?page=http://google.com/robots.txt Now, think as devilish as you can and see what else you can do with this hole ;) Also, take a look at this exploit already present in the Metasploit framework. http://www.metasploit.com/modules/exploit/unix/webapp/php_include
"I don't believe you have to be better than everybody else. I believe you have to be better than you ever thought you could be."