Local File Inclusion (LFI)

The server extracts 'page' parameter from request, and appends an extension such as '.php' before including it. tries without succes to open /etc/password.php.

On php version older than 5.3.4, adding a null byte at the end of our parameter will mean the end of the string, and leads to ignoring the extension '.php'.