For those are not familiar with Security Assessment, An attack method called Local File Inclusion where it will exploit any vulnerable inclusion procedure that been implemented inside the application.
The attacker can use this method to information disclosure, remote code execution(RCE) and even a Cross-Site Scripting(XSS) attack. The web application will normally detect this input as trusted which the file might be used within the include statement code.
How to test the method?
For the attack to be work, an example of the PHP script can be seen as below:
/** * Get the filename from a GET input * Example - http://example.com/?file=filename.php */ include <example.php> $file = $_GET['file'];
Depending on the page, the attacker can use a different way to traversal the path of the page.
You can see the example of the Local File Inclusion way:
The solution or recommendation for the attack can be followed such as:
- Blacklisting all the important path and filenames from been released into the public.
- The developer needs to remove all the character sequences which the attacker can bypass those character.
- The developer needs to use the encoding of the file path with based64 or any other similar functions so that
- Encoding the file path with base64, bin2hex or similar functions as this can be reversed relatively easily by an attacker.