I have a question about a Local File Inclusion (LFI) vulnerability on a Windows system. When it's possible to download any file from the operating system (OS), which file should I download first?
I'm currently only aware of this vulnerability and no have no further information about directory structure et cetera.
A few things came to my mind:
- source code, potential information leaks about backends, configurations et cetera;
- metabase.xml for IIS setups;
- autoexec.bat in case there is anything juicy at startup.