Questions tagged [file-inclusion]

A remote code execution attack in which user input is used to build the path of code files to be executed, allowing an attacker to control which code runs. It mainly affects web applications that rely on a scripting runtime, most commonly PHP.

Typically this is a Local File Inclusion vulnerability where the attacker can execute or view arbitrary files already present on the server but not upload arbitrary code.

See Wikipedia: File inclusion vulnerability.

See OWASP: Testing for Local File Inclusion.

37 questions
0 votes, 1 answer

From a local file inclusion to a shell when file is downloaded?

I've just participated in a boot2root capture the flag event where I got close to solving an item but couldn't quite get it over the line and want to learn what I could have done differently. In the event I managed to identify a vulnerable…
Michael A
0 votes, 2 answers

Simple Remote File Inclusion vulnerability not working?

So I've hosted a PHP file vulnerable to RFI with code like this: However, when I try to exploit the code by visiting…
Lew Wei Hao
0 votes, 1 answer

RFI - Is this possible even if you use an Application Server?

Since JBoss is acting as a middleware - Application Server - I was wondering if it's still possible to face File Inclusion attacks(?). The reason I was wondering so is that in such a case, no request will be directly sent to any Storage or…
Parsa Samet
0 votes, 1 answer

File inclusion on a website always appending .php

I'm looking at a website that uses a URL parameter to include the current page, like http://host.tld/index.php?page=about. If I add anything other than the current page (e.g. http://host.tld/index.php?page=test) it reflects the parameter, added with…
SaAtomic
-1 votes, 1 answer

How to exploit a local file inclusion vulnerability in a Solaris server

I am trying to exploit a local file inclusion vulnerability on a Solaris server for my security course. The server is running Apache2 through CoolStack. What is the file that I need to open? The examples I saw so far all used Linux.
-1 votes, 1 answer

How To Patch LFI Vulnerabilities

I wonder how to patch the LFI problem in this code? Please suggest a good way to patch this vulnerability.
-3 votes, 1 answer

LFI attacks auth.log, environ, passwd

Paths like /proc/self/environ, /etc/passwd and /var/log/auth.log are targeted by the attackers. How can I hide those files (passwd) (environ) (auth.log) so that they are not included in an LFI attack?