Local File Inclusion Via PHP Filter

Written by khalil shreateh on . Posted in Websites Security

Local File Inclusion

Local File Inclusion (LFI) is similar to a Remote File Inclusion vulnerability except instead of including remote files, only local files i.e. files on the current server can be included. The vulnerability is also due to the use of user-supplied input without proper validation. 

LFI

 

 

Local File Inclusion Via PHP Filter

By using "php://filter/convert.base64-encode/resource=" attacKer can convert the source file on the server to base64, and output the result via LFI Vulnerability . 

 

This video shows how Local File Inclusion Via PHP Filter works .

Video Copyright : Brazil .

 

Tags: security, hackers, vulnerabilities, exploits, php

Print