Category: Websites Security
Hits: 12762

Local File Inclusion

Local File Inclusion (LFI) is similar to a Remote File Inclusion vulnerability except instead of including remote files, only local files i.e. files on the current server can be included. The vulnerability is also due to the use of user-supplied input without proper validation. 

 

 

Local File Inclusion Via PHP Filter

By using "php://filter/convert.base64-encode/resource=" attacKer can convert the source file on the server to base64, and output the result via LFI Vulnerability . 

 

This video shows how Local File Inclusion Via PHP Filter works .

Video Copyright : Brazil .