Penetration Testing with Perl by Swizec Teller

File inclusion vulnerability discovery

In the following subsections, we will learn how to discover possible Local and Remote File Inclusion vulnerabilities in our client target's web applications. File inclusion is another common form of web attack, in which we, the attackers, change a file parameter in a request so that the application includes other files from the victim server's filesystem or from a remote server.

Local File Inclusion

Let's begin by jumping right into an example. Let's say we are still analyzing the Bold It! application and, after running a file brute force scan similar to the one in Chapter 7, SQL Injection with Perl, we found a link in a page of the application that displays a file on the same server, chosen by a GET parameter labeled include_file.

The preceding ...
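For the defending side, the following added example (not code from the book) shows how a handler could validate an include_file value before opening it, so that neither a local path outside the content directory nor a remote URL is accepted. The function name resolve_include, the pages directory layout and the sample values are assumptions constructed for illustration, and Unix-style paths are assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: resolve a user-supplied include_file value against a
# fixed base directory. Returns the canonical path when it names a regular
# file inside $base, and undef otherwise.
sub resolve_include {
    my ($base, $param) = @_;
    return unless defined $param && length $param;
    # Remote inclusion: refuse anything that starts with a URL scheme.
    return if $param =~ m{^[a-z][a-z0-9+.\-]*:}i;
    # NUL bytes can truncate the path in lower layers.
    return if $param =~ /\0/;
    # Absolute paths ignore the base directory entirely.
    return if File::Spec->file_name_is_absolute($param);
    # Canonicalise both sides so ../ segments and symlinks are resolved
    # before the containment check, not after it.
    my $real_base = realpath($base);
    my $real      = eval { realpath(File::Spec->catfile($base, $param)) };
    return unless defined $real_base && defined $real;
    return unless index($real, "$real_base/") == 0;
    return -f $real ? $real : undef;
}

# Constructed sample layout: pages/about.html may be served, secret.txt
# sits one level above the content directory and must never be.
my $root = tempdir(CLEANUP => 1);
my $base = File::Spec->catdir($root, 'pages');
mkdir $base or die "mkdir $base: $!";
for my $file (File::Spec->catfile($base, 'about.html'),
              File::Spec->catfile($root, 'secret.txt')) {
    open my $fh, '>', $file or die "open $file: $!";
    print {$fh} "constructed sample\n";
    close $fh or die "close $file: $!";
}

# Constructed include_file values: two legitimate, three that must be refused.
for my $value ('about.html', './about.html', '../secret.txt',
               '/etc/passwd', 'http://example.invalid/x.txt') {
    my $path = resolve_include($base, $value);
    printf "%-30s %s\n", $value, defined $path ? "serve $path" : 'reject';
}
```

The containment test runs on the canonical path, which is why a value that merely looks relative is still refused once its resolved location falls outside the base directory.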
