Local File Inclusion (LFI) - page 1

Local File Inclusion (LFI) is the finding of a particular “local” file on the web server which could possibly be used to compromise the security of the website.

Suppose there is a website http://example.com/test.php?page=ab.php, which pulls in the content of ab.php using the page parameter.

This vulnerability mainly occurs when the web developer tries to include a file using the GET parameter without proper checks.

One example of vulnerable code is

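<?php
$page = $_GET['page'];   // taken straight from the URL, no validation
include($page);          // whatever path the client sent gets included
?>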



This means ab.php is included when this URL is requested. Now what happens when, instead of ab.php, we try to call another file on the same web server? Given that it’s a UNIX box, we may try looking for some default files, such as /etc/passwd.

The URL to call this file from the disk would be


../ in particular moves us one directory upwards. So, first of all, we go to the root directory ( / ), and then we navigate to the etc folder to get the passwd file.

The /etc/passwd file is a text file that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc.

The content of /etc/passwd is in the form:

Name:Password:UserID:PrincipalGroup:Gecos:HomeDirectory:Shell

The following is a sample of the output you may see in the /etc/passwd file:

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin


But suppose the web developer knows about the vulnerability called LFI and decides to append “.php” to the end of every file name asked for. In that case, we would use what is known as a null byte. A null byte is a byte consisting of 8 zero bits, or 0x00 in hexadecimal.

So, to bypass the appended .php extension, we use a null byte in such a way that the server doesn’t read the .php extension which gets appended to our filename:

http://example.com/test.php?page=../../../etc/passwd%00
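A server-side check that refuses both kinds of request described above, as an added example that is not code from the original page: the requested name is canonicalised with realpath() and must stay inside one fixed pages directory. The function name resolve_page, the temporary directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: resolve the "page" parameter against a fixed directory and
// refuse anything that escapes it. resolve_page() is a hypothetical helper.

function resolve_page(string $requested, string $baseDir): ?string
{
    // A NUL byte never belongs in a file name. Reject it outright instead of
    // relying on the runtime to truncate or refuse the path.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" sequences and symlinks and returns false for
    // a missing file, so the checks below run on the canonical path.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false) {
        return null;
    }
    // The canonical path must still sit inside the pages directory.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Only .php pages are eligible for include().
    return pathinfo($full, PATHINFO_EXTENSION) === 'php' ? $full : null;
}

// Constructed sample data: a temporary pages directory holding ab.php.
$pagesDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
@mkdir($pagesDir);
file_put_contents($pagesDir . DIRECTORY_SEPARATOR . 'ab.php', "<?php echo 'ab page'; ?>");

// Values of "page" as they arrive after URL decoding (%00 becomes "\0").
$inputs = ['ab.php', '../../../etc/passwd', "../../../etc/passwd\0"];
foreach ($inputs as $page) {
    $path  = resolve_page($page, $pagesDir);
    $shown = str_replace("\0", '%00', $page);
    echo str_pad($shown, 28), $path === null ? 'rejected' : 'allowed', PHP_EOL;
}

// Clean up the constructed sample data.
unlink($pagesDir . DIRECTORY_SEPARATOR . 'ab.php');
rmdir($pagesDir);
```

In test.php the include would then run only on the path this function returns, and a null result would be answered with an error page.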

