LFI-LFD-RFI-Path Traversal


LFI-LFD-RFI-Path Traversal

Local File Inclusion (LFI): The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a dynamic file inclusion mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.

It also known as that is the process of including files, that are already locally present on the server, through the exploiting of vulnerable inclusion procedures implemented in the application.

Function that could result in LFI:

1-include ()

2-inculde _once()

3-require ()

4-require_once()


Local File Disclosure (LFD): The same as local file inclusion but it enable be to execute file not only read it .

Note: Every LFI can be LFD but every LFD not necessary to be LFI.

A local file inclusion vuln means it executes the contents it includes, like PHP's include() function.

A local file disclosure vuln discloses the contents of the local file.

Reconsider your definition of local file inclusion if the vulnerability discloses files not executes them.

yeah historically, it was inclusion as in "code inclusion" not "content inclusion"...

Remote File Inclusion(RFI): A remote file inclusion (RFI) occurs when a file from a remote web server is inserted into a web page. This can be done on purpose to display content from a remote web application. But, it can also happen by accident, due to a misconfiguration of the respective programming language, which can lead to a RFI attack.

Even though this kind of file inclusion can occur in almost every kind of web application, those written in PHP code are more likely to to be vulnerable to Remote File Inclusion attacks, because PHP provides native functions that allow the inclusion of remote files. Other languages usually require a workaround to imitate this behavior.

How Does Remote File Inclusion work? In order to include a remote file you have to add a string with the URL of the file to an Include function of the respective language (for example, PHP). Then the web server of the website under attack makes a request to the remote file, fetches its contents and includes it on the web page serving the content. It is then processed by the parser of the language.

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. It should be noted that access to files is limited by system operational access control (such as in the case of locked or in-use files on the Microsoft Windows operating system).

This attack is also known as “dot-dot-slash”, “directory traversal”, “directory climbing” and “backtracking”.



Comments

Post a Comment

Popular posts from this blog

Polaris’ Intellect Core Banking Software Version 9.7.1- Open Redirect [CVE-2018-14931]

Image
[+] Credits: Neeraj Kumar, Hai Dang Long [+] Email: neeraj.iiita2009@gmail.com Vendor: ==================== http://www.polarisft.com Product: =================== Polaris’ Intellect Core Banking, Core and Portal Module Version: =================== Affected Version: 9.7.1 Vulnerability Type: ==================== Open Redirect CVE Reference: ============== CVE-2018-14931 Vulnerability Details: ====================== Polaris’ Intellect Core Banking Software, In the Core module is vulnerable to open redirect vulnerability. Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the co
Read more

Stored XSS Vulnerability in Hot Scripts Clone:Script Classified Version 3.1-[CVE-2018-7650]

Image
[+] Credits:  Neeraj Kumar [+] Email:  neeraj.iiita2009@gmail.com Vendor: ==================== https://www.phpscriptsmall.com/ Product: =================== Hot Scripts Clone:Script Classified Version 3.1 Link to access the Product: ===================== https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/ Vulnerability Type: ========================== Cross site scripting - Stored XSS CVE Reference: ============== CVE-2018-7650 Vulnerability Details: ====================== Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS with the "Add New" function in Management User. Within the "Add New" section the application does not sanitize user supplied input and renders injected javascript code to the users browsers. This is different from CVE-2018-6878. An attackers use this vulnerability to inject malicious javascript code such as hijack user sessions, malicious redirect, deface web
Read more

Stored XSS Vulnerability in Bookme Control Panel 2.0-[CVE-2018-8737]

Image
[+] Credits: Neeraj Kumar [+] Email: neeraj.iiita2009@gmail.com Vendor: ==================== https://bylancer.com Product: =================== Bookme Control Panel 2.0 Link to access the Product: =================== https://bylancer.com/products/bookme-wp-booking-plugin/ Vulnerability Type: ========================== Cross site scripting - Stored XSS CVE Reference: ============== CVE-2018-8737 Vulnerability Details: ====================== Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser. Attackers use this vulnerability to inject malicious javascript code such as hijack user sessions, malicious redirect, deface web sites, insert hostile content, redirect users, hijack the user’s browser usin
Read more