Difference between revisions of "Exploiting Local/Remove File Inclusion"
(Created page with "= What is LFI / RFI? = Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside...") |
(No difference)
|
Revision as of 13:11, 26 April 2018
What is LFI / RFI?
Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside the intended spectre.
LFI - Local File Inclusion - used to include from local filesystem, e.g.
- /etc/passwd
- /etc/shadow
- /var/log/apache2/access_log