Local File Inclusion to Remote Code Execution

Local File Inclusion to Remote Code Execution
Author(s):
Uzma Sheikh, Dr. Ravi Sheth
Keywords:
LFI, RCE, RFI, Local file inclusion in a web app, Remote code execution in a web app, LFI to RCE.
Abstract
Web applications are designed to present to any user with a web browser a system-independent interface to some dynamically generated content. By my analysis over the last several years, web applications and their importance have increased. Simultaneously of growing web applications, the quantity and impact of security vulnerabilities in such applications have grown as well. The application may be designed with the acceptance that users will only enter valid data as the programmer deliberate, in terms of both data and ways of entering input. However, if the user's input is not handled properly, serious security problems can eventuate. There are possible separate methods that can be used to trigger the execution of code on both the client and the server-side. LFI attack reveals the sensitive information of the server by simply adding some extra payloads in URLs or requests. LFI attacks lead to password files configuration files and some of the sensitive files of the systems. RCE execute/upload malicious script in the server that leads to the access control of the system. In this paper, we show how we can perform RCE through LFI.
Article Details
Unique Paper ID: 149766 Publication Volume & Issue: Volume 7, Issue 1 Page(s): 533 - 536
Article Preview & Download

Share This Article

ICM - STEP

International conference on Management, Science, Technology, Engineering, Pharmact and Humanities.