Exploiting Local/Remove File Inclusion

Revision as of 14:11, 26 April 2018 by Dmina (talk | contribs) (Created page with "= What is LFI / RFI? = Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

What is LFI / RFI?

Local/Remove File Inclusion vulnerability allows an attacker to exploit a dynamic file inclusion mechanism of a web application to access files outside the intended spectre.

LFI - Local File Inclusion - used to include from local filesystem, e.g.

  • /etc/passwd
  • /etc/shadow
  • /var/log/apache2/access_log
Retrieved from "https://blaksec.com/index.php?title=Exploiting_Local/Remove_File_Inclusion&oldid=63"