Examples of LFI for different languages, this is really useful for situations in which input sanitation does not exist or is misconfigured. PHP ```php if (isset($_GET['language'])) { include($_GET['language']); } ``` Node.js ```javascript if(req.query.language) { fs.readFile(path.join(__dirname, req.query.language), function (err, data) { res.write(data); }); } ``` ```js app.get("/about/:language", function(req, res) { res.render(`/${req.params.language}/about.html`); }); ``` Java ```jsp <c:if test="${not empty param.language}"> <jsp:include file="<%= request.getParameter('language') %>" /> </c:if> ``` JSP ```jsp <c:import url= "<%= request.getParameter('language') %>"/> ``` .NET ```cs @if (!string.IsNullOrEmpty(HttpContext.Request.Query['language'])) { <% Response.WriteFile("<% HttpContext.Request.Query['language'] %>"); %> } ``` Additional example using the **"@HTML.Partial()"** function: ```cs @Html.Partial(HttpContext.Request.Query['language']) ``` Example using the **Include** function: ```cs <!--#include file="<% HttpContext.Request.Query['language'] %>"--> ``` Table of the Function Capabilities in regard to Read, execute, and remote URL. ![[LFI examples.png]]