File inclusion vulnerability discovery

In the following subsections, we will learn how to discover possible Local and Remote File Inclusion vulnerabilities in our client's target web applications. File inclusion is another common form of web attack, in which we, the attackers, change a file parameter in a request so that the application includes other files from the victim server's filesystem or from a remote server.

Local File Inclusion

Let's begin by jumping right into an example. Let's say we are still analyzing the Bold It! application and, after running a file brute force scan similar to the one in Chapter 7, SQL Injection with Perl, we found a link to a page in the application that displays a file from the same server using a GET parameter labeled include_file.

The preceding ...
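As an added illustration (not code from the book or from the Bold It! application), the following Python shows both sides of the include_file parameter just described: the unvalidated path join that makes local file inclusion possible, an allowlisted replacement, and a check over constructed access-log lines that flags inclusion probes aimed at that parameter. The include directory, file names and log entries are assumptions made for the example.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed example: the directory and the only files the page may include.
INCLUDE_ROOT = "/var/www/boldit/includes"          # assumed, not from the book
ALLOWED_INCLUDES = {"header.html", "footer.html", "about.html"}

def vulnerable_resolve(include_file: str) -> str:
    """The pattern behind a Local File Inclusion bug: the parameter is joined to
    the include directory with no validation, so a value such as
    ../../../../etc/passwd walks out of INCLUDE_ROOT."""
    return posixpath.normpath(posixpath.join(INCLUDE_ROOT, include_file))

def safe_resolve(include_file: str):
    """Hardened version: accept only an allowlisted bare file name, then confirm
    the canonical path still sits under INCLUDE_ROOT. None means reject."""
    if include_file not in ALLOWED_INCLUDES:
        return None
    path = posixpath.normpath(posixpath.join(INCLUDE_ROOT, include_file))
    if posixpath.commonpath([path, INCLUDE_ROOT]) != INCLUDE_ROOT:
        return None
    return path

# Traversal, absolute path, remote URL (RFI) or null-byte markers in the value.
PROBE = re.compile(r"(\.\./|\.\.\\|%2e%2e|^/|^[a-z]+://|%00|\x00)", re.I)

def suspicious_requests(access_log: str):
    """Return (client, include_file value) for each combined-log-format line
    whose include_file parameter looks like an inclusion probe."""
    hits = []
    for line in access_log.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        client, url = parts[0], parts[6]          # request path lives after "GET
        query = parse_qs(urlsplit(url).query, keep_blank_values=True)
        for raw in query.get("include_file", []):
            # parse_qs decodes once; unquote again to catch double encoding
            if PROBE.search(raw) or PROBE.search(unquote(raw)):
                hits.append((client, raw))
    return hits

# Constructed log lines for the demonstration (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /view.pl?include_file=about.html HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2023:13:55:40 +0000] "GET /view.pl?include_file=../../../../etc/passwd HTTP/1.1" 200 1420
10.0.0.9 - - [10/Oct/2023:13:55:41 +0000] "GET /view.pl?include_file=http://203.0.113.7/x.txt HTTP/1.1" 500 0
10.0.0.9 - - [10/Oct/2023:13:55:42 +0000] "GET /view.pl?include_file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1420
"""
```

Running suspicious_requests(SAMPLE_LOG) reports the three requests from 10.0.0.9 and ignores the legitimate about.html request.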

Get Penetration Testing with Perl now with O’Reilly online learning.
