File Inclusion
Overview of the Vulnerability
Developers often include external files to incorporate images and external code libraries into applications. File inclusion vulnerabilities occur when an application places no limits on which files may be included, or on how the path to an included file is built, and lets user input (such as a filename parameter) influence that path. An attacker can then manipulate the application into including a file of their choosing. Local File Inclusion (LFI) reads files already present on the server, such as configuration files or application source; Remote File Inclusion (RFI) pulls in a file from an attacker-controlled host. Either can expose sensitive data, and where the included file is executed by the application or server, the result can be Remote Code Execution (RCE).
Business Impact
File inclusion can result in data theft and manipulation, and in reputational damage for the business, as customers' trust is eroded by an attacker's ability to read and modify data on the server.
Steps to Reproduce
In a browser, navigate to the URL:
{{url}}viewer.php?filename=a\./../../etc/hostname
You will see the hostname of the server handling the request displayed in the browser.
Proof of Concept (PoC)
The screenshot below demonstrates the file inclusion:
{{screenshot}}
Guidance
Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
For file inclusion vulnerabilities, you may include output from files that do not contain sensitive information; examples are /etc/hostname, /etc/passwd, or /etc/issue. Do not access, or attempt to access, sensitive information. Do not access Personally Identifiable Information (PII).
Recommendation(s)
All user input, including file uploads and any parameter that names a file to be included, should be inspected and validated. File upload extension types should be limited to those needed for business functionality. File names should be limited in character length and generated by the application rather than supplied by users; where a user-controlled value must select a file, map it to an identifier or an allowlist entry instead of using it in a path, and reject any value containing path separators or traversal sequences such as "../".
For more information on secure file uploads, please refer to: https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html
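As an added example, not code from the original template or from the application it describes, the following Python mirrors the logic of a viewer.php-style endpoint: the vulnerable pattern that joins the filename parameter straight onto a directory, beside the hardened pattern the recommendations call for (application-generated names selected by an identifier, a strict allowlist on the shape of any name that is accepted directly, and a canonical-path containment check). WEB_ROOT, the identifier table and the sample payloads are assumptions constructed for the illustration; a plain "../" payload is used alongside the template's own so both outcomes can be compared.

```python
"""
Added example: vulnerable vs. hardened handling of a user-controlled
"filename" parameter, in the style of the viewer.php endpoint above.
WEB_ROOT, IMAGE_ALLOWLIST and the payloads are constructed for illustration.
"""
import os
import re
from typing import Optional

# Constructed: the directory the viewer is meant to serve images from.
WEB_ROOT = "/var/www/app/public/images"

# Constructed: application-generated file names keyed by an opaque identifier.
# The client only ever sends the key; it never chooses the file name itself.
IMAGE_ALLOWLIST = {
    "1001": "logo.png",
    "1002": "banner.jpg",
}

# Strict shape for a file name if one must be accepted directly: a short
# alphanumeric stem and a fixed set of image extensions. No separators and no
# dots other than the one before the extension, so "../" can never pass.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:png|jpg|gif)")


def vulnerable_resolve(filename: str) -> str:
    """The flawed pattern: user input is joined onto the root with no
    containment check, so ".." segments walk straight out of WEB_ROOT."""
    return os.path.normpath(os.path.join(WEB_ROOT, filename))


def is_contained(path: str, root: str) -> bool:
    """True only if the canonicalised path lies inside the canonicalised root.
    realpath() also follows symlinks, so a link planted inside WEB_ROOT that
    points elsewhere is rejected as well."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(path)
    return os.path.commonpath([real_root, real_path]) == real_root


def safe_resolve(filename: str) -> Optional[str]:
    """Hardened pattern: allowlist the file name's shape, then verify the
    resolved path is still under WEB_ROOT. Returns None on any rejection."""
    if not SAFE_NAME.fullmatch(filename):
        return None
    candidate = os.path.join(WEB_ROOT, filename)
    if not is_contained(candidate, WEB_ROOT):
        return None
    return os.path.realpath(candidate)


def resolve_by_id(image_id: str) -> Optional[str]:
    """Preferred pattern from the recommendations: the application generates
    the file name and the request carries only an identifier."""
    name = IMAGE_ALLOWLIST.get(image_id)
    if name is None:
        return None
    return safe_resolve(name)


if __name__ == "__main__":
    # Constructed payloads: a legitimate name, a plain traversal, and the
    # template's own payload (backslash is a literal character on POSIX).
    for payload in ("logo.png", "../../../../../etc/hostname", "a\\./../../etc/hostname"):
        print(f"{payload!r:40} vulnerable -> {vulnerable_resolve(payload)}")
        print(f"{'':40} hardened   -> {safe_resolve(payload)}")
```

The regex alone already blocks traversal; the containment check is kept as a second, independent layer so that a future loosening of the pattern, or a symlink inside the served directory, still cannot reach outside WEB_ROOT. The identifier lookup is the strongest of the three, because the user-supplied value never becomes part of a path at all.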