File Inclusion Flashcards
What is File Inclusion?
In some circumstances, web applications are written to request access to files via parameters
What is a Parameter?
Parameters are query parameter strings attached to URLs to retrieve data or perform an action based on user input.
Whats an example of parameters at work and where would one be implemented? Please write out a URL and explain:
http://webapp.thm/get.php?File=userCV.pdf
As you can see we have a full URL here with the parameter query string attached at the end. This is signified by use of the “?” followed by whatever the parameter is going to be.
What is Path Traversal?
Path Traversal also known as Directory Traversal, this vulnerability allows the attacker to read operating system resources.
Whats an example of something that you’d be able access using Path Traversal and what do can you do to those files?
An example would be local fees running on a web application, you can then exploit these files by altering and messing with the file parameter of the URL.
What is Local File Inclusion?
Local File Inclusion works on he same principles as Path Traversal, however as the attacker you can use this to trick web application into running or exposing files on the web server.
What’s ../ do?
../ is a trick used for directory traversal (path traversal), the number of ../ is corresponding to the number of levels a path has.
What are some common developer tricks that are used when trying to stop Local File Inclusions?
Sometimes when doing Local File Inclusion you’ll notice that a piece of code has actually been appended to your inclusion to purposely make it fail.
How can this security measure be over taken?
The appended code trick can be overcome by using the NULL sign.
What are other security measures that developers use to try and stop File Inclusion?
Another security measure that could possible be implemented is when you use the ../ trick you may have to use an extra slash making it ..// to get over the security measure.
What is Remote File Inclusion?
Remote File Inclusion is a technique used to include remote files into a vulnerable web application.
Which of these File Inclusions Is worse from a security perspective?
Remote File Inclusions are the more dangerous considering that these vulnerabilities are capable of giving the attacker remote access to the server.
What does the NULL sign actually do?
The NULL sign looks like this %00, and the sign ignores everything that comes after the NULL sign.
