Local File Inclusion to Remote Code Execution
Author(s):
Uzma Sheikh, Dr. Ravi Sheth
Keywords:
LFI, RCE, RFI, Local file inclusion in a web app, Remote code execution in a web app, LFI to RCE.
Abstract
Web applications are designed to present to any user with a web browser a system-independent interface to some dynamically generated content. By my analysis over the last several years, web applications and their importance have increased. Simultaneously of growing web applications, the quantity and impact of security vulnerabilities in such applications have grown as well. The application may be designed with the acceptance that users will only enter valid data as the programmer deliberate, in terms of both data and ways of entering input. However, if the user's input is not handled properly, serious security problems can eventuate. There are possible separate methods that can be used to trigger the execution of code on both the client and the server-side. LFI attack reveals the sensitive information of the server by simply adding some extra payloads in URLs or requests. LFI attacks lead to password files configuration files and some of the sensitive files of the systems. RCE execute/upload malicious script in the server that leads to the access control of the system. In this paper, we show how we can perform RCE through LFI.
Article Details
Unique Paper ID: 149766

Publication Volume & Issue: Volume 7, Issue 1

Page(s): 533 - 536
Article Preview & Download


Share This Article

Go To Issue



Call For Paper

Volume 7 Issue 3

Last Date 25 August 2020

About Us

IJIRT.org enables door in research by providing high quality research articles in open access market.

Send us any query related to your research on editor@ijirt.org

Social Media

Google Verified Reviews

Contact Details

Telephone:6351679790
Email: editor@ijirt.org
Website: ijirt.org

Policies