From Syhunt Web Application Security Docs

Vulnerabilities: File Inclusion

File Inclusion

Detected by Syhunt: Yes (locally, remotely)
Type: Injection Flaw
Also Known As: RFI, LFI, Traversal Local File Inclusion
CWE: 98

Remote File Inclusion is a flaw that may allow a remote attacker to execute arbitrary commands on an affected system. The issue is triggered by specifying malicious include files in vulnerable parameters of web applications. The flaw may allow arbitrary command execution, resulting in a loss of integrity.

Local File Inclusion is a similar flaw that may allow malicious users to view the contents of arbitrary local files. The issue results from parameters not being properly checked before being used to include files. The flaw allows the inclusion of arbitrary local files and may additionally allow the execution of arbitrary local PHP code, also resulting in a loss of integrity.

Detailed Information

Examples of vulnerable code

Below you can find very basic examples of file inclusion vulnerabilities.

PHP

<?php
$incfile = $_REQUEST['file'];
include($incfile.'.php');
?>

Syhunt scan results for this example code:

Found: 1 vulnerability
In /rfi_sample.php (source code, locally), affecting parameter "file", on lines
2,3:
  Possible File Inclusion Vulnerability
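A hardened version of the PHP example above, added here as an illustration and not part of the Syhunt documentation. It assumes the includable scripts live in a pages/ directory next to this file and that the names in ALLOWED_PAGES are the only pages the application needs to include.

```php
<?php
// Added example, not from the Syhunt page: the "file" parameter is
// reduced to an allow-listed key and is never used as a path fragment.
declare(strict_types=1);

const PAGE_DIR = __DIR__ . '/pages';            // assumed location of includable scripts
const ALLOWED_PAGES = ['home', 'about', 'contact']; // assumed set of valid page names

/**
 * Map a user-supplied page name to a file path, or return null if it
 * is not an allowed page. Exact (type-strict) matching means inputs such
 * as "../../etc/passwd" or "http://..." can never reach include().
 */
function resolve_page(string $requested): ?string
{
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // Defence in depth: resolve the real path and confirm it is still
    // inside PAGE_DIR (guards against a mis-edited list or a stray symlink).
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $requested . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page((string)($_GET['file'] ?? 'home'));
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $page;
```

Keeping allow_url_include=Off in php.ini (the default) independently removes the remote inclusion case, but it does nothing against local inclusion, which is why the allow-list is the primary control.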

ASP

<%
Server.Execute(Request.QueryString["file"])
%>

Syhunt scan results for this example code:

Found: 1 vulnerability
In /fi_basic.aspx (source code, locally), on line 2:
  Possible File Inclusion Vulnerability

Links For Pen-Testers

Retrieved from http://www.syhunt.com/docwiki/index.php?n=Vulnerabilities.FileInclusion
Page last modified on October 24, 2010, at 02:31 AM