Remote File Inclusion
Overview
Remote file inclusion allows an attacker to include a remote file (remote from the web server's point of view), possibly allowing code execution, denial of service, and data disclosure.

Discovery Methodology
The page displayed in Mutillidae is determined by the value of the "page" parameter. What would happen if the "page" parameter were changed to the URI of a file that is located on a remote server but not intended to be served?

Exploitation
A URI can be used to specify a remote file, such as http://www.google.com.
Example: index.php?page=http://www.google.com

Videos
How to Exploit Local File Inclusion Vulnerability using Burp-Suite
ISSA 2013 Web Pen-testing Workshop - Part 6 - Local/Remote File Inclusion
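
The fix for the behaviour shown under Exploitation, as an added example that is not Mutillidae's own code: the "page" value is used only as a key into a fixed map of local files, so a URI never reaches include(). The page names, the pages/ directory, PAGES and resolve_page() are assumptions made for illustration.

```php
<?php
// Added example, not Mutillidae's code. Page names, the pages/ directory,
// PAGES and resolve_page() are assumptions made for illustration.

// Vulnerable pattern (shown for contrast, not executed here): the parameter
// value reaches include() unchanged, so with allow_url_include=On in php.ini
// a value such as http://www.google.com is fetched and evaluated by the server.
//   include $_GET['page'];

// Hardened pattern: the parameter is only a key into a fixed map of local files.
const PAGES = [
    'home'  => 'home.php',
    'login' => 'login.php',
    'about' => 'about.php',
];

function resolve_page($requested, string $baseDir): ?string
{
    // Arrays (page[]=x) and any value that is not a known key are rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    // The path is built from the map value, never from the request.
    return $baseDir . DIRECTORY_SEPARATOR . PAGES[$requested];
}

// Constructed sample values for the "page" parameter.
$samples = ['home', 'http://www.google.com', 'HTTP://www.google.com', 'login.php', ['home']];

foreach ($samples as $value) {
    $path  = resolve_page($value, __DIR__ . DIRECTORY_SEPARATOR . 'pages');
    $shown = is_string($value) ? $value : json_encode($value);
    if ($path === null) {
        // A real front controller would answer 404 and log the rejected value.
        echo "rejected: $shown\n";
    } else {
        // A real front controller would now run: include $path;
        echo "accepted: $shown -> $path\n";
    }
}
```

Keeping allow_url_include set to Off (the PHP default) is a second layer, but the allowlist is what stops both remote and local inclusion through this parameter.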