LFI → RCE: Abusing Stream Wrappers with Uploaded Microsoft DOCX Files

Jan 19 · 7 min read · During an engagement, I identified a Local File Inclusion (LFI) vulnerability in a document transfer application written in plain PHP. Although the application enforced strict file upload controls—restricting uploads to .doc, .docx, and .pdf files an...