Packt+ | Advance your knowledge in tech

You're reading from Web Penetration Testing with Kali Linux Explore the methods and tools of ethical hacking with Kali Linux

Product type Paperback

Published in Feb 2018

Publisher

ISBN-13 9781788623377

Length 426 pages

Edition 3rd Edition

Tools

Kali Linux

Concepts

Ethical Hacking

Authors (3):

Juned Ahmed Ansari

Daniel W. Dieterle

Gilberto Najera-Gutierrez

View More author details

Table of Contents (13) Chapters

Preface

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

2. Setting Up Your Lab with Kali Linux

3. Reconnaissance and Profiling the Web Server

4. Authentication and Session Management Flaws

5. Detecting and Exploiting Injection-Based Flaws

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

7. Cross-Site Request Forgery, Identification, and Exploitation

8. Attacking Flaws in Cryptographic Implementations

9. AJAX, HTML5, and Client-Side Attacks

10. Other Common Security Flaws in Web Applications

11. Using Automated Scanners on Web Applications

12. Other Books You May Enjoy

Leave a review – let other readers know what you think

File inclusion vulnerabilities

In a web application, the developer may include code stored on a remote server or code from a file stored locally on a server. Referencing files other than the ones in the web root is mainly used for combining common code into files that can be later referenced by the main application.

An application is vulnerable to file inclusion when it takes input parameters to determine the name of the file to include; hence, a user can set the name of a malicious file previously uploaded to the server (Local File Inclusion) or the name of a file in another server (Remote File Inclusion).

Local File Inclusion

In a Local File Inclusion (LFI) vulnerability, files local to the server are accessed by the include function without proper validation; that is, files containing server code are included in a page and their code is executed. This is a very practical feature for developers, as they can reuse code and optimize their resources. The problem arises when user-provided parameters...