Leveraging LFI to RCE using zip://
So you’ve found a page that’s vulnerable to Local File Inclusion: You do some testing to leverage this vulnerability to RCE, but nothing's working. Null bytes don't work, /proc/self/environ doesn't work, and wrappers that lead to RCE such as data:// or php://input do not work either. Don't give up…
Corben Leo