LFI/RFI

LFI (Local File Inclusion): an exploit that allows you to perform directory traversal attacks, i.e. read information from the machine outside of the web host directory, such as /etc/passwd. This can not only be used to read sensitive information but can also be used to spawn a shell via RFI.

http://pizza.com/index.php?page=../../../../../../../../../../etc/passwd

Remote File Inclusion (RFI): This exploit allows you to load a file from a remote server and have the target execute it. In PHP this is disabled by default (allow_url_include).
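From the defending side, both the LFI and the RFI case above come down to a request parameter reaching include unchanged. The following is an added example, not code from the original page: the function resolve_page, the pages/ directory layout and the sample host name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern, shown for contrast and left commented out: the request
// parameter reaches include unchanged, so the client picks the file.
//     include $_GET['page'];

// Hypothetical helper: map ?page=<name> to <baseDir>/<name>.php or reject it.
function resolve_page(string $page, string $baseDir): ?string
{
    // 1. Allowlist the name shape: no "/", "..", ":" or NUL can get through.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page) !== 1) {
        return null;
    }
    // 2. Canonicalise, then confirm the file still sits under the base
    //    directory (catches a symlink inside pages/ that points elsewhere).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// RFI depends on allow_url_include; report it if a deployment turned it on.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    error_log('allow_url_include is enabled; set it to Off in php.ini');
}

// Constructed demo: a throwaway pages/ directory holding one legitimate page.
$pages = sys_get_temp_dir() . '/lfi_demo_' . getmypid() . '/pages';
mkdir($pages, 0700, true);
file_put_contents($pages . '/home.php', "<?php echo 'home';\n");

$samples = [
    'home',                                     // legitimate page name
    '../../../../../../../../../../etc/passwd', // traversal value from the URL above
    'http://files.example.invalid/page.txt',    // remote URL, as in RFI (constructed)
];
foreach ($samples as $value) {
    $resolved = resolve_page($value, $pages);
    printf("%-45s => %s\n", $value, $resolved ?? 'rejected');
}

unlink($pages . '/home.php');
rmdir($pages);
rmdir(dirname($pages));
```

Only the first sample resolves to a path; the traversal string and the remote URL fail the name allowlist before any filesystem call is made.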
