File inclusion vulnerability discovery
In the following subsections, we will learn how to discover possible Local and Remote File Inclusion vulnerabilities in our client target's web applications. File inclusion is another common form of web attack, in which we, the attackers, change a file parameter in a request to include other files on the victim server's filesystem or from a remote server.
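From the defender's side, the parameter tampering described above leaves a recognizable trace in web server logs. The following is an added example, not code from the book: it scans access-log lines for file-style parameters whose decoded value points outside the intended directory or at a remote URL. The log lines, the parameter names in `FILE_PARAMS`, and the function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not from the book) used as sample input.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /view.php?file=about.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /view.php?file=..%2F..%2Fapp%2Fconfig.inc HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /view.php?file=%252e%252e%252fconfig.inc HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /view.php?page=http%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 97',
    '198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=..%2Fnotes HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
FILE_PARAMS = {"file", "page", "include", "path", "template"}  # assumed parameter names

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return 'remote', 'traversal', 'absolute-path', or None for a benign value."""
    v = fully_decode(value).replace("\\", "/")
    if re.match(r"^[a-z][a-z0-9+.-]*://", v, re.I):
        return "remote"          # remote file inclusion pattern
    if re.search(r"(^|/)\.\.(/|$)", v):
        return "traversal"       # local inclusion via parent-directory steps
    if v.startswith("/"):
        return "absolute-path"   # local inclusion via absolute path
    return None

def scan(lines):
    """Return (client, parameter, kind, status) for each suspicious file parameter."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            kind = classify(value) if name.lower() in FILE_PARAMS else None
            if kind:
                findings.append((client, name, kind, int(status)))
    return findings
```

A 200 status next to a `traversal` or `remote` finding is the case to triage first, since it suggests the server actually served the requested file.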
Local File Inclusion
Let's begin by jumping right into an example. Let's say we are still analyzing the Bold It! application and, after running a file brute force scan similar to the one in Chapter 7, SQL Injection with Perl, we found a link in a page in the application that displays a file on the same server with a GET parameter labeled as
The preceding ...