O'Reilly logo

Web Penetration Testing with Kali Linux - Third Edition by Juned Ahmed Ansari, Gilberto Najera-Gutierrez

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Local File Inclusion

In a Local File Inclusion (LFI) vulnerability, files local to the server are accessed by the include function without proper validation; that is, files containing server code are included in a page and their code is executed. This is a very practical feature for developers, as they can reuse code and optimize their resources. The problem arises when user-provided parameters are used to select the files to be included and when insufficient or no validation is made. Many people confuse an LFI flaw with the path traversal flaw. Although the LFI flaw often exhibits the same traits as the path traversal flaw, the application treats both the flaws differently. With the path traversal flaw, the application will only read and ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required