🌄
Shikata Ga Nai
  • Shikata Ga Nai
  • General
  • Gaining Access
    • Nmap
    • Reverse Shell
    • Password Cracking
    • Other Services
      • 21 - FTP
      • Enumerating SMB
    • Web
      • Web Enumeration
      • XSS
      • File Inclusion
      • SQL Injection
  • Linux Foothold
    • Linux Tricks
    • Privesc
  • Windows Foothold
    • Privesc
  • Binary
    • Calling Conventions
    • Debuggers
    • Examining Binaries
    • Shellcoding
    • Bypassing Exploit Mitigation Techniques [Linux]
  • Stego
    • Stego tools
Powered by GitBook
On this page

Was this helpful?

  1. Gaining Access
  2. Web

File Inclusion

PreviousXSSNextSQL Injection

Last updated 4 years ago

Was this helpful?

Local file inclusion [LFI] vulnerabilities allow the attacker to access files on the web-server.

Remote file inclusion [RFI] vulnerabilities allow the attacker to access files on a remote machine through the web-server. This vulnerability is not as common as LFI, but easier to exploit.

If a file is writable and readable you can create yourself a web shell. log files are a good target for this.

PHP comes with .

built-in wrappers