Local File Inclusion Exploitation


Programming languages as PHP, allow the insertion and interpretation of external files into the one that's being processed.
If badly used, this can lead to different security breaches. Among them you can find Local File Inclusion(LFI).

A LFI is a programming error, caused by the wrong use of parameters to form the filename to include. This allows a user
to manipulate the string in order to include the file he wants.


include('./' . $_GET['page'] . '.php');

PHP run as CGI in Linux environment

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License