Local File Inclusion

Local file inclusion is a vulnerability which an attacker can exploit to include/read files. It occurs when an application uses the path to a file as input. If the application treats this input as trusted, a local file may be used in the include statement.

Impacts of Local File Inclusion:

  • DoS
  • RCE
  • Sensitive information disclosure

LET’S GET HANDS-ON, EXPLOITING LFI VULNERABILITY

This is the path where we can check for the Local File Inclusion vulnerability.

Let's add a search parameter, 'page', which requests the file home.html.

The page displays the message "you included home.html", which means we successfully accessed home.html by providing its path as input.

Let’s try to access the password file,

Success!!

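This vulnerability exists because of insecure code that trusts the request parameter.

 Example:

 // The request parameter is used as the file path with no validation.
 $local_file = $_REQUEST["page"];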

LFI USING DIRECTORY TRAVERSAL

WHAT IS DIRECTORY TRAVERSAL?

Directory traversal, or path traversal, is an HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server's root directory and other paths.

Let’s get hands-on,

Now, when we include home.html as the input, we don't get any output.

This means the file we are looking for doesn't exist in the present directory. Let's try providing the input as

../home.html

Success!!

This vulnerability exists due to code that is vulnerable to directory traversal.

Example:

// "html/" is prepended, but "../" in the input still climbs out of that directory.
$local_file = "html/".$_REQUEST["page"];
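
One way to close both include patterns shown above, given as an added example that is not code from the original post. The resolve_page helper and an "html" directory sitting next to the script are assumptions made for illustration.

```php
<?php
// Added example: hardened replacement for the two vulnerable snippets above.
// Assumption: servable pages live in an "html" directory next to this script.

/**
 * Resolve a user-supplied page name to a file inside $baseDir.
 * Returns the absolute path, or null if the request must be rejected.
 */
function resolve_page(string $baseDir, string $page): ?string
{
    // Allowlist the name: letters, digits, "_" and "-" followed by ".html".
    // This rejects slashes, backslashes, NUL bytes and any ".." sequence.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.html\z/', $page)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() resolves symlinks and ".." and returns false for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $page);
    if ($target === false || !is_file($target)) {
        return null;
    }

    // Containment check: the resolved path must still sit under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// The parameter may arrive as an array (?page[]=x), so check the type first.
$page = $_GET['page'] ?? 'home.html';
$file = is_string($page) ? resolve_page(__DIR__ . '/html', $page) : null;

if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}

// readfile() sends the bytes as-is; unlike include, it never executes PHP in the file.
readfile($file);
```

With this in place, page=home.html is served from the html directory, while ../home.html and absolute paths fail the allowlist and get a 404.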

RCE USING LFI AND LOG POISONING

Log poisoning is a common technique used to gain a reverse shell through a Local File Inclusion vulnerability.

To make it work, an attacker attempts to inject malicious input into the server log.

To inject malicious PHP code into the server log, the directory needs to have read and execute permission.

To do this, we tamper with the GET request by inserting PHP code and providing a new parameter, 'lfi'. This later allows us to execute system commands by passing input in the GET request.

Hence, we successfully exploited the log poisoning vulnerability.

Written by: Karthik Jogi

Reviewed By: Sayan Chatterjee
