LFI
LFI appears to be absolutely present on /deparment/manage.php?notes=file/nineveNotes.txt
Failed Attempts
I attempted as many as possible
None of them worked.
I tried this
Now, It’s showing errors instead of now showing anything.
At least, I now know the absolute path of this web server
Success
This worked for some reason.
the include() function at the notes parameter likely checks for the string, “ninevehNotes”
I could also include the index.html file of the web root.
i won’t be able to use the php://Filter technique to read other PHP files due to the length filter
LFI confirmed.