greatbody
/
freeCodeCamp
mirror of https://github.com/freeCodeCamp/freeCodeCamp.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
freeCodeCamp/guide/english/php/security/local-file-inclusion/index.md

888 B
Raw Blame History

title
Local File Inclusion

Local File Inclusion

A vulnerability in the application caused by the programmer requiring a file input provided by the user and not sanitizing the input before accessing the requested file. This results in a file being included where it should not of been.

Example local file inclusion attacks

A website allows you to view PDFs as download.php?file=myfile.php, due to a lack of proper checking a malicious user is able to request /etc/passwd and get sensitive configuration information from the web server.

Defending your website from local file inclusion attacks in PHP

<?php
if(basename($_GET['file]) !== $_GET['file']) {
  die('INVALID FILE REQUESTED');
}

More Information: