[Owasp-testing] Remote File include vulnerability

Byrne, David David.Byrne at echostar.com
Tue Apr 10 13:25:39 EDT 2007



In my experience, you usually need the source code to do this. The idea
is that on some platforms (mostly PHP), script files can be included at


               include($base_path . "/utils.php");


If register_globals is enabled (older versions of PHP enable it by
default), and base_path is never initialized in the script, base_path
can be set from the URL




This will run the attack PHP file on the victim web server. I've seen
this happen mostly on files that are not intended to be called alone.
For example, a utility library that usually gets included after a
configuration file that sets base_path.


I don't know of effective methods for testing this without access to the
code. I suppose a particularly poorly written app might have a path in
the URL query by design, which could then be modified. You could also
try to use common variable names (like base_path), although you would
still have to find a vulnerable script which is probably never called
directly by a browser.


David Byrne

OWASP-Denver Leader





From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Denise
Sent: Tuesday, April 10, 2007 10:45 AM
To: owasp-testing
Subject: [Owasp-testing] Remote File include vulnerability


Hi to all, 


            Can someone please tell me, how to carry out penetration
testing for Remote File Include Vulnerability?




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-testing/attachments/20070410/45315256/attachment.html 

More information about the Owasp-testing mailing list