Khalil Shreateh specializes in cybersecurity, particularly as a "white hat" hacker. He focuses on identifying and reporting security vulnerabilities in software and online platforms, with notable expertise in web application security. His most prominent work includes discovering a critical flaw in Facebook's system in 2013. Additionally, he develops free social media tools and browser extensions, contributing to digital security and user accessibility.


Local File Inclusion

Local File Inclusion (LFI) is similar to a Remote File Inclusion vulnerability, except that instead of remote files, only local files (i.e. files on the current server) can be included. Like RFI, the vulnerability is caused by the use of user-supplied input without proper validation.

 

  • /vulnerable.php?COLOR=/etc/passwd%00 - allows an attacker to read the contents of the passwd file on a UNIX system through directory traversal.

 

Local File Inclusion Via PHP Filter

By using "php://filter/convert.base64-encode/resource=", an attacker can convert a source file on the server to base64 and output the result via the LFI vulnerability.

 

This video shows how Local File Inclusion via PHP filter works.

Video copyright: Brazil.
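Both cases above (the `/etc/passwd%00` path and the `php://filter` wrapper) stop working once the request value only selects a key from a fixed allowlist instead of becoming part of the include path. The PHP 8 code below is an added example, not code from the original page; the vulnerable include shape, `COLOR_TEMPLATES`, `resolve_color_template()` and the temporary demo directory are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. The vulnerable shape assumed from the page's URL is:
//     include($_GET['COLOR'] . '.php');   // request value reaches include()
// Hardened form: the request value only selects a key in a fixed allowlist.

const COLOR_TEMPLATES = [          // hypothetical allowlist: key => file name
    'red'  => 'red.php',
    'blue' => 'blue.php',
];

/** Return the absolute template path for $color, or null if it is rejected. */
function resolve_color_template(mixed $color, string $templateDir): ?string
{
    // ?COLOR[]=x arrives as an array; anything but an exact known key is refused.
    if (!is_string($color) || !array_key_exists($color, COLOR_TEMPLATES)) {
        return null;
    }
    $base = realpath($templateDir);
    $path = realpath($templateDir . DIRECTORY_SEPARATOR . COLOR_TEMPLATES[$color]);
    // Defence in depth: the resolved file must still sit inside the template dir.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Constructed demo: temporary template directory and constructed request values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'red.php', "<?php echo 'red theme';\n");

$samples = [
    'red',
    "/etc/passwd\0",                                          // decoded form of the page's URL
    'php://filter/convert.base64-encode/resource=index.php',  // wrapper named on the page
    '../red',
    ['red'],
];
foreach ($samples as $value) {
    $resolved = resolve_color_template($value, $dir);
    printf("%-60s %s\n", json_encode($value), $resolved === null ? 'rejected' : 'include ' . $resolved);
}
unlink($dir . DIRECTORY_SEPARATOR . 'red.php');
rmdir($dir);
```

Only `red` resolves to a path; every other sample is rejected before any filesystem or stream-wrapper call sees it.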