Testing for Local File Inclusion
This article is part of the OWASP Testing Guide v4 (the current status is:DRAFT).
OWASP Testing Guide v4 Table of Contents [DRAFT] At the moment the The entire OWASP Testing Guide v3 can be downloaded here.
File Inclusion vulnerability allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:
- Code execution on the web server
- Denial of Service (DoS)
- Sensitive Information Disclosure
Description of the Issue
Why is it so bad
Black Box testing and example
Gray Box testing and example
- Wikipedia - http://www.wikipedia.org