PRIMARY CATEGORY → WEB ATTACKS
Theory
Main Concept
LFI vulnerabilities can lead to source code disclosure, sensitive data exposure, and even remote code execution under certain conditions. Leaking source code may allow attackers to test the code for other vulnerabilities, which may reveal previously unknown vulnerabilities.
Furthermore, leaking sensitive data may enable attackers to enumerate the remote server for other weaknesses or even leak credentials and keys that may allow them to access the remote server directly.
Under specific conditions, LFI may also allow attackers to execute code on the remote server, which may compromise the entire back-end server and any other servers connected to it.
~HTB
Functions
PHP
| FUNCTION | READ CONTENT | EXECUTE | REMOTE URL |
|---|---|---|---|
| include() / include_once() | ✔ | ✔ | ✔ |
| require() / require_once() | ✔ | ✔ | ❌ |
| file_get_contents() | ✔ | ❌ | ✔ |
| fopen() / file() | ✔ | ❌ | ❌ |
PHP Directives
The PHP directives below are directly related to the LFI vulnerability if they are misconfigured.
However, if they are configured correctly, many LFI-related attack vectors are prevented.
- allow_url_fopen → RFI
- allow_url_include → RFI
- open_basedir → LFI (outside web root)
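A small php.ini audit for the three directives above, as an added example that is not part of the original notes. The two sample configurations are constructed, the function names are hypothetical, and missing directives are assumed to take PHP's built-in defaults (allow_url_fopen on, allow_url_include off, open_basedir unset).

```python
import re

# PHP built-in defaults used when a directive is absent (assumption stated in the lead-in).
DEFAULTS = {"allow_url_fopen": "1", "allow_url_include": "0", "open_basedir": ""}
TRUTHY = {"1", "on", "true", "yes"}
# name = "quoted value"  or  name = bare value up to an inline ';' comment
ASSIGN = re.compile(r'\s*([A-Za-z_.]+)\s*=\s*(?:"([^"]*)"|([^;]*))')

# Constructed sample configurations.
WEAK = """[PHP]
; risky settings
allow_url_fopen = On
allow_url_include = On
;open_basedir =
"""
HARDENED = """[PHP]
allow_url_fopen = Off
allow_url_include = Off
open_basedir = "/var/www/html"   ; confine file access to the web root
"""

def parse_ini(text):
    """Effective value of each directive of interest; the last assignment wins."""
    values = dict(DEFAULTS)
    for line in text.splitlines():
        m = ASSIGN.match(line)  # comment lines and [section] headers do not match
        if m and m.group(1) in values:
            quoted, bare = m.group(2), m.group(3)
            values[m.group(1)] = quoted if quoted is not None else bare.strip()
    return values

def audit(text):
    """Return (directive, finding) pairs for settings that widen file-inclusion risk."""
    v = parse_ini(text)
    findings = []
    if v["allow_url_include"].lower() in TRUTHY:
        findings.append(("allow_url_include", "include()/include_once() may load remote URLs (RFI)"))
    if v["allow_url_fopen"].lower() in TRUTHY:
        findings.append(("allow_url_fopen", "URL wrappers enabled for file functions (RFI)"))
    if not v["open_basedir"]:
        findings.append(("open_basedir", "unset: file access is not confined to the web root"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```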
Components ⟡
RCE
LFI to RCE