Questions tagged [file-inclusion]

A remote code execution attack where user input is used to build the path of code files to be executed, allowing an attacker to control which code is executed. It most often affects web applications that rely on a scripting runtime, typically PHP.

Typically this is a Local File Inclusion vulnerability where the attacker can execute or view arbitrary files already present on the server but not upload arbitrary code.

See Wikipedia: File inclusion vulnerability.

See OWASP: Testing for Local File Inclusion.

37 questions
1 vote, 1 answer

Local file inclusion in JS app

I am working on a project which requires the name of the page as a query parameter 'path'. The app stores path variable as res.query.path. My manager asked me to pay attention to LFI, so I'm concerned about it. The app is using Express.JS, and no…
1 vote, 2 answers

Local File Inclusion [ Post-Exploitation ]

I am curious what kind of sensitive files should I look for on a Windows server which is vulnerable to LFI compared to Linux? I mean the first file or common files which a pentester or an unauthorized user will go for? I am looking for possible…
Cash-
1 vote, 2 answers

Tomcat application arbitrary file read exploitation

In a recent black-box pen-test of a webapp hosted on CentOS, I found a vulnerability that allowed me to grab the contents of files (a kind of file inclusion) located within the home path of Tomcat. In the classic scenario, I tried to read /etc/passwd but…
1 vote, 1 answer

Difference between XML external entities and Remote File Inclusion attacks

I was just studying about the XML external entities attack and Remote File Inclusion Attack. According to my understanding, the XML external entities attack is where the XML parser in the web application has the option of external entities enabled…
Skynet
1 vote, 1 answer

Prevent injection in PHP file

Recently I wrote this code: I heard that…
MucaP
1 vote, 3 answers

Local File Inclusion to RCE using PHP File Wrappers

Suppose we have code that looks something like this: Now the above code is vulnerable to LFI. If I pass the payload ../../../../etc/passwd%00 it works perfectly and I get the file. However I'm trying to…
hax
1 vote, 0 answers

LFI to RCE when log file isn't readable

During a penetration test, I came across an endpoint which lets me include local files and I can read /etc/passwd. However I don't have permissions to read proc/self/environ and /etc/shadow. The endpoint looks…
ramailo sathi
0 votes, 3 answers

How to leverage a stored XSS to perform a file inclusion?

I have identified a stored XSS and I'm wondering, how could I leverage that vulnerability to upload a shell.
The Illusive Man
0 votes, 0 answers

How does "./" affect signature generation for files in a PHP-based web application?

I am solving a lab related to serialization vulnerabilities. It deals with retrieving files based on the signature. The theory of the lab states as quoted, "Adding ./ will still give you the same file but the application will generate a different…
0 votes, 2 answers

How does Local File Inclusion (LFI) work?

In the past few days, I have created my own webserver to serve as my sandbox for learning pen-testing. I saw this blog (https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1) and wanted to attempt something similar and…
0 votes, 1 answer

Please define "Carpet Bombing"

I saw a 2008 article about a certain vulnerability in WebKit which referred to "Carpet Bombing": https://www.cert.org/blogs/certcc/2008/09/carpet_bombing_and_directory_p.html (This vulnerability is now resolved using a blacklist - DLLs, JAR, and…
700 Software
0 votes, 1 answer

Rails File.open(#{Rails.root}) is vulnerable to LFI?

I am performing white-box testing on a Rails application with static code analysis tools like brakeman, and I came across an instance where the developer is loading images using file.open. file = File.open("#{Rails.root}/app/assets/path/image.jpg") Due…
0 votes, 1 answer

Metasploit Exploitation with Virtual Hosts (PHP_Include Exploit)

I am currently trying to build an example of a host vulnerable to Remote File Inclusion vulnerabilities. I have a docker application which hosts 3 vulnerable websites, and in order to access them I have my hosts file set up as…
asphyz
0 votes, 1 answer

Remotely included script cannot set session variables

I'm trying to simulate a remote file inclusion attack on my local web server as part of a course I am taking. I got the idea of being able to "log in" on a website I set up without really logging in via the system, rather by just setting the…
0 votes, 1 answer

File inclusion check bypass

The following function is used to protect from arbitrary file download:- function file_download($file_name, $file_path) { $allowedExtensions = array( "csv" ); $checkFileName = explode(DIRECTORY_SEPARATOR,$file_name); …
Aayush