Looking for file inclusions

File inclusion vulnerabilities occur when developers use request parameters, which users can modify, to dynamically choose which pages to load or which files to include in the code that the server will execute. Such vulnerabilities may lead to a full system compromise if the server executes the included file.

In this recipe, we will test a web application to discover if it is vulnerable to file inclusions.
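
The pattern described above, next to a hardened form, as an added example that is not code from the book or from DVWA. The parameter name page, the pages directory and the file names are assumptions made for illustration.

```php
<?php
// Added example. Parameter name "page", base directory and file names
// are assumptions; sample inputs below are constructed.

// Vulnerable pattern: the request value goes straight into include, so
// the client decides which file the server loads and executes.
// (Defined for comparison only; it is never called here.)
function render_vulnerable(array $query): void
{
    include $query['page'];
}

// Hardened pattern: the request value is only a lookup key into a fixed
// map and never becomes part of a filesystem path.
const PAGES = [
    'home'  => 'home.php',
    'about' => 'about.php',
];

function resolve_page(array $query, string $baseDir): ?string
{
    $key = $query['page'] ?? 'home';          // default when absent
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return null;                          // unknown key: caller sends 404
    }
    return $baseDir . '/' . PAGES[$key];
}

// Constructed sample requests, including the index.php value tried in
// the recipe and a non-string value (page[]=x in the query string).
$samples = [
    ['page' => 'about'],
    [],
    ['page' => 'index.php'],
    ['page' => 'reports/2024'],
    ['page' => ['x']],
];
foreach ($samples as $q) {
    $path = resolve_page($q, '/var/www/app/pages');
    printf("%-28s => %s\n",
        json_encode($q, JSON_UNESCAPED_SLASHES),
        $path ?? 'rejected (404)');
}
```

Only the first two samples resolve to a file; every value that is not a key in the map is rejected before any path is built.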

How to do it...

  1. Log in to DVWA and go to File Inclusion.
  2. The page says that we should edit the GET parameters to test the inclusion. Let's try this with index.php.

    It seems that there is no index.php file in that directory (or it is empty), ...
