File Inclusion

LFI and RFI are terms I’ve heard many times in the past 5 years, mainly in the context of Windows vulnerabilities and pentesting. I’ve done CTF challenges with file uploads, then used LFI to execute the shell. I’ve loaded code from remote sites exploiting RFI vulnerabilities. But I never really associated the terms LFI and RFI with these actions. Perhaps it’s because I’ve spent too long in infrastructure. Anyways, I hope to understand what file inclusion is, what causes it, and how to fix it....

15 September, 2022 · 3 min · 584 words · JD