The file scheme (RFC 8089) can be used in different ways when attacking an application that allows URL insertion. The file scheme can be used to extract files from the local application that you target. In some rare cases it may be possible to read remote files using the syntax: file://<host>/<file>. Otherwise, this technique can be used to bypass filters and read arbitary system files.

Now that you know how you can use this techniques to your advantage, you can test your practical skills in the official lab below.