File Inclusion
Detected by Syhunt: Yes (Dynamic, Code)
Type: Injection Flaw
Also Known As: RFI, LFI, Traversal Local File Inclusion
CWE: 98
Remote File Inclusion is a flaw that may allow a remote attackers to execute arbitrary commands on an affected system. The issue is triggered by specifying malicious include files in vulnerable parameters of web applications. The flaw may allow arbitrary commands execution, resulting in a loss of integrity.
Local File Inclusion is a similar flaw that may allow malicious users to view the contents of arbitrary local files. The issue results from parameters not being properly checked before being used to include files. The flaw allows the inclusion of arbitrary local files and additionally, may allow the execution of arbitrary local PHP code, also resulting in loss of integrity.
Detailed Information
- Understanding PHP RFI Vulnerabilities - MicroSolved
- Remote File Inclusion - WASC
- Malicious File Execution - OWASP
- PHP RFI: Old Attack, Common #FAIL - MicroSolved
Examples of vulnerable code
Below you can find very basic examples of file inclusion vulnerabilities.
PHP
<?php $incfile = $_REQUEST['file']; include($incfile.'.php'); ?>
Syhunt scan results for this example code:
Found: 1 vulnerability In /rfi_sample.php (source code, locally), affecting parameter "file", on lines 2,3: Possible File Inclusion Vulnerability
ASP
<% Server.Execute(Request.QueryString["file"]) %>
Syhunt scan results for this example code:
Found: 1 vulnerability In /fi_basic.aspx (source code, locally), on line 2: Possible File Inclusion Vulnerability
Links For Pen-Testers
http://labs.neohapsis.com/2008/07/21/local-file-inclusion-–-tricks-of-the-trade/
- Metasploit PHP Remote File Include Generic Exploit