Remote File Inclusion

Overview

Remote file inclusion allows an attacker to include a remote file (remote from the web server's point of view), possibly allowing code execution, denial of service, and data disclosure.

Discovery Methodology

The page displayed in Mutillidae is determined by the value of the "page" parameter. What would happen if the "page" parameter was changed to the URI of a file which is located on a remote server but not intended to be served?

Exploitation

A URI can be used to specify a remote file such as http://www.google.com.

Example: index.php?page=http://www.google.com

Videos

ISSA 2013 Web Pen-testing Workshop - Part 6 - Local/Remote File Inclusion
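One way to detect the request pattern described under Exploitation, added here as an example and not part of Mutillidae or the original page: it flags access-log requests whose decoded "page" parameter begins with a URI scheme. The log lines are constructed samples and the function names are hypothetical; matching any `scheme://` prefix, not only `http://`, generalizes the page's example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (not from a real server); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=home.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?page=http://www.google.com HTTP/1.1" 200 14872',
    '203.0.113.9 - - [10/Oct/2023:13:56:07 +0000] "GET /index.php?page=hTTp%3A%2F%2Fwww.google.com HTTP/1.1" 200 14872',
    '203.0.113.4 - - [10/Oct/2023:13:58:40 +0000] "GET /index.php?page=user-info.php&ref=http://www.google.com HTTP/1.1" 200 2210',
]

# Request target inside the quoted request line of a common/combined log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that begins with "scheme://" is a URI, not a local page name.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def remote_page_values(log_line, param="page"):
    """Return the decoded values of `param` that start with a URI scheme."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qs percent-decodes once, as the web server does, so
    # "http%3A%2F%2F..." is compared in the form the application sees.
    values = parse_qs(query, keep_blank_values=True).get(param, [])
    return [value for value in values if SCHEME_RE.match(value)]


def scan(lines, param="page"):
    """Return (client_ip, value) for every request with a remote `param` value."""
    hits = []
    for line in lines:
        client = line.split(" ", 1)[0]
        for value in remote_page_values(line, param):
            hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent a URI in the page parameter: {value}")
```

Only the "page" parameter is inspected, so the last sample line, which carries a URL in an unrelated parameter, is not reported.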