June 2018
Intermediate to advanced
294 pages
7h 5m
English
Local File Inclusion (LFI) is exploited by including a file path in the URL that points to the local web server that hosts the web application. This vulnerability, when exploited, will allow directory traversal characters (such as dot-dot-slash) to be injected.
Consider the following example:
http://domain_name/index.php?file=hackme.html
What if I can change the hackme file to another file on the web server system? Let's check it out!
http://domain_name/index.php?file=../../../../etc/passwd
Interesting, right? This will load the passwd file on a Linux Web Server. Let's see a more concrete example using Mutillidae:
Read now
Unlock full access