Handy FB Scripts

Free FB Extensions

Social Applications
Free Social Applications
Neww
Social Media Scripts

G+,LinkedIn & Other

Local File Inclusion Via PHP Filter

Local File Inclusion

Local File Inclusion (LFI) is similar to a Remote File Inclusion vulnerability except instead of including remote files, only local files i.e. files on the current server can be included. The vulnerability is also due to the use of user-supplied input without proper validation. 

 

  • /vulnerable.php?COLOR=/etc/passwd%00 - allows an attacker to read the contents of the passwd file on a UNIX system directory traversal.

 

Local File Inclusion Via PHP Filter

By using "php://filter/convert.base64-encode/resource=" attacKer can convert the source file on the server to base64, and output the result via LFI Vulnerability . 

 

This video shows how Local File Inclusion Via PHP Filter works .

Video Copyright : Brazil .

 

Tags: security, hackers, vulnerabilities, exploits, php

Print Email

Copyright © 2016 Twitter/shreateh