Difference between revisions of "Exploiting Local/Remove File Inclusion"

(Created page with "= What is LFI / RFI? = Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside...")
 
Line 1: Line 1:
 
= What is LFI / RFI? =
 
= What is LFI / RFI? =
Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside the intended spectre.  
+
Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside the intended spectre.
 
 
'''LFI''' - Local File Inclusion - used to include from local filesystem, e.g.
 
* /etc/passwd
 
* /etc/shadow
 
* /var/log/apache2/access_log
 

Revision as of 13:11, 26 April 2018

What is LFI / RFI?

Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside the intended spectre.

Retrieved from "https://blaksec.com/index.php?title=Exploiting_Local/Remove_File_Inclusion&oldid=64"