File Inclusion
there is 2 types
Local file inclusion (LFI)
is this case we can exposing or running files on the web server
code ex :
In the above example, an attacker could make the following request. It tricks the application into executing a PHP script such as a web shell that the attacker managed to upload to the web server.
Remote file inclusion (RFI)
is this case we can dynamically include external files or scripts.
Using the above PHP script, an attacker could make the following HTTP request to trick the application into executing server-side malicious code, for example, a backdoor or a webshell.
Last updated