File Inclusion

Local file inclusion [LFI] vulnerabilities allow the attacker to access files on the web-server.

Remote file inclusion [RFI] vulnerabilities allow the attacker to access files on a remote machine through the web-server. This vulnerability is not as common as LFI, but easier to exploit.

If a file is writable and readable you can create yourself a web shell. log files are a good target for this.

PHP comes with built-in wrappers.

Last updated