Local File Inclusion

Local File Inclusion – File inclusions can be discovered in the same way as directory traversals. We must locate parameters we can manipulate and attempt to use them to load arbitrary files. However, a file inclusion takes this one step further, as we attempt execute the contents of the file within the application. We should also check these parameters to see if they are vulnerable to remote inclusion (RFI) by changing their values to a URL instead of a local path. We are less likely to find RFI vulnerabilities since…

Read More

Open Redirection

Open Redirection

According to the Open Web Application Security Project, an open redirection occurs when an application takes a parameter and redirects a user to that parameter value without any conducting any validation on the value. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it, abusing the trust of a given domain to lead users to another. The malicious website serving as the redirect destination could be prepared to look like a legitimate site and try to collect personal / sensitive information. Check out…

Read More