File Inclusion


Description

The application is vulnerable to file inclusion. The application uses user-controlled data in an unsafe manner to build a path to executable code. This allows the attacker to control which file is executed at runtime. An attacker who can subvert the path to executable code may be able to execute remotely or locally hosted code on the system in order to attack the application and its infrastructure.
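As an added illustration that is not part of the original finding, the following shows the unsafe path construction the description refers to next to an allowlist-based resolver and a check that an include site can be unit-tested against. The pages directory, the page names and the sample inputs are all constructed for the example.

```python
# Added example (not from the original page): unsafe include-path building
# beside a hardened resolver that only serves pages from a fixed allowlist.
import posixpath
from typing import Optional

PAGES_DIR = "/var/www/app/pages"              # constructed sample location
ALLOWED_PAGES = {"home", "about", "contact"}  # constructed: the only real pages


def build_include_path_unsafe(page: str) -> str:
    # Vulnerable pattern: the request parameter becomes the include path with
    # only a suffix appended. Traversal sequences, absolute paths and remote
    # URLs all pass straight through to the interpreter's include mechanism.
    return page + ".php"


def is_inside_pages_dir(path: str) -> bool:
    # Check whether an include path (as built above) stays inside PAGES_DIR.
    # Paths carrying a URL scheme are rejected outright: they would be
    # fetched from a remote host rather than read from the pages directory.
    if "://" in path:
        return False
    normalized = posixpath.normpath(posixpath.join(PAGES_DIR, path))
    return normalized.startswith(PAGES_DIR + "/")


def resolve_page_safe(page: str) -> Optional[str]:
    # Hardened pattern: the parameter is only a lookup key into a fixed set of
    # known pages; anything else is rejected before any path is built.
    if page not in ALLOWED_PAGES:
        return None
    candidate = posixpath.normpath(posixpath.join(PAGES_DIR, page + ".php"))
    # Defence in depth: the final path must still sit under PAGES_DIR even if
    # the allowlist is ever loosened to hold user-influenced values.
    if not is_inside_pages_dir(candidate):
        return None
    return candidate
```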

Impact

File inclusion is a serious vulnerability that allows attackers to execute remote or local files on the server. An attacker with the ability to execute a malicious file on the server can gain access to the file system through a web shell.  Once an attacker has remote access to the server, they can exfiltrate sensitive data, compromise the integrity of application data, or cause denial of service to the application.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
