LFI-LFD-RFI-Path Traversal


LFI-LFD-RFI-Path Traversal

Local File Inclusion (LFI): The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a dynamic file inclusion mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.

It also known as that is the process of including files, that are already locally present on the server, through the exploiting of vulnerable inclusion procedures implemented in the application.

Function that could result in LFI:

1-include ()

2-inculde _once()

3-require ()

4-require_once()


Local File Disclosure (LFD): The same as local file inclusion but it enable be to execute file not only read it .

Note: Every LFI can be LFD but every LFD not necessary to be LFI.

A local file inclusion vuln means it executes the contents it includes, like PHP's include() function.

A local file disclosure vuln discloses the contents of the local file.

Reconsider your definition of local file inclusion if the vulnerability discloses files not executes them.

yeah historically, it was inclusion as in "code inclusion" not "content inclusion"...

Remote File Inclusion(RFI): A remote file inclusion (RFI) occurs when a file from a remote web server is inserted into a web page. This can be done on purpose to display content from a remote web application. But, it can also happen by accident, due to a misconfiguration of the respective programming language, which can lead to a RFI attack.

Even though this kind of file inclusion can occur in almost every kind of web application, those written in PHP code are more likely to to be vulnerable to Remote File Inclusion attacks, because PHP provides native functions that allow the inclusion of remote files. Other languages usually require a workaround to imitate this behavior.

How Does Remote File Inclusion work? In order to include a remote file you have to add a string with the URL of the file to an Include function of the respective language (for example, PHP). Then the web server of the website under attack makes a request to the remote file, fetches its contents and includes it on the web page serving the content. It is then processed by the parser of the language.

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. It should be noted that access to files is limited by system operational access control (such as in the case of locked or in-use files on the Microsoft Windows operating system).

This attack is also known as “dot-dot-slash”, “directory traversal”, “directory climbing” and “backtracking”.



Comments

Popular posts from this blog

Polaris’ Intellect Core Banking Software Version 9.7.1- Open Redirect [CVE-2018-14931]

Stored XSS Vulnerability in Hot Scripts Clone:Script Classified Version 3.1-[CVE-2018-7650]

Incorrect Access Control- Smart Vista SVFE-2 Module [CVE-2018-15207]