[Owasp-topten] RC1 comments

Paweł Krawczyk pawel.krawczyk at hush.com
Sun Feb 17 18:51:43 UTC 2013

Well LFI, yes, but LFI has such low impact (though there are many ways
to convert it to RFI) that nobody cares.

If LFI/RFI has such low impact, how come they account for almost 40% of
defacements (Dec 2012-Feb 2013): File Inclusion 36.884%

Anything that allows you to execute your code on the server will be
high impact in most cases. Example (1 million sites hacked, today Bing
still shows 460k results):
Comment from Imperva on the same topic of LFI/RFI, with which I fully agree
