Web servers control access to privileged files and resources through configuration settings. Privileged files include files that should only be accessible by system administrators. For example, the /etc/passwd file on UNIX-like platforms or the boot.ini file on Windows systems.
A LFI attack is an attempt to access privileged files using directory traversal attacks. LFI attacks include different styles including the dot-dot-slash attack (../), directory brute-forcing, directory climbing, or backtracking.