Local File Inclusion to Remote Code Execution

Uzma Sheikh; Dr. Ravi Sheth

Local File Inclusion to Remote Code Execution

Authors: Uzma Sheikh, Dr. Ravi Sheth

Unique Paper ID: 149766
Volume: 7
Issue: 1
PageNo: 533-536

Keywords: LFI RCE RFI Local file inclusion in a web app Remote code execution in a web app LFI to RCE.

Abstract:
Web applications are designed to present to any user with a web browser a system-independent interface to some dynamically generated content. By my analysis over the last several years, web applications and their importance have increased. Simultaneously of growing web applications, the quantity and impact of security vulnerabilities in such applications have grown as well. The application may be designed with the acceptance that users will only enter valid data as the programmer deliberate, in terms of both data and ways of entering input. However, if the user's input is not handled properly, serious security problems can eventuate. There are possible separate methods that can be used to trigger the execution of code on both the client and the server-side. LFI attack reveals the sensitive information of the server by simply adding some extra payloads in URLs or requests. LFI attacks lead to password files configuration files and some of the sensitive files of the systems. RCE execute/upload malicious script in the server that leads to the access control of the system. In this paper, we show how we can perform RCE through LFI.

Download article

email to a friend

Cite This Article

ISSN: 2349-6002
Volume: 7
Issue: 1
PageNo: 533-536

Local File Inclusion to Remote Code Execution

Available:https://ijirt.org/Article?manuscript=149766

Impact Factor
8.01 (Year 2024)

UGC Approved
Journal no 47859

Join Our IPN

IJIRT Partner Network

Submit your research paper and those of your network (friends, colleagues, or peers) through your IPN account, and receive 800 INR for each paper that gets published.

Join Now