DVWA file inclusion
Execute commands on an operating system via a website
What is a file inclusion attack
Some pages are displayed by being included into another page; a file inclusion attack targets that include.
For example, page=about.php is available, but when you click on Contact, page=contact.php is loaded instead. This means that the page is being shown by being included.
💡 In such places we attack using file inclusion. We can include a file in two ways; see the examples below.
Security Low, medium, high
First way : Local inclusion
Syntax : /dvwa/vulnerabilities/fi/?page=< insert file with location>
- First, create the file that you want to include and save it on the desktop or anywhere else.
- Then follow the given syntax: page = location of the file with its name and extension.
- Here I am giving an example of inserting a page from my local personal computer, which is saved on my desktop.
- Try it on your computer.
//My file is saved on the computer desktop under the name index.html
My URL : http://localhost/dvwa/vulnerabilities/fi/?page=file:///C:\Users\hmmm\Desktop/index.html
My included page looks like this.
Second way : Remote inclusion
Syntax : /dvwa/vulnerabilities/fi/?page=< insert Remote file with location>
//My file is saved on the local server under the name index.html
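
How a page parameter like the one above ends up included, next to an allowlist version that rejects both the local and the remote value (added example, not from the original page and not DVWA's own source; the PAGES list, function names and temporary directory are assumptions):

```php
<?php
// Added example, not DVWA's source. PAGES and the pages directory are assumptions.

// Pattern the tutorial exercises: the parameter reaches include() unchanged, so a
// file:// path is accepted, and a remote URL too when allow_url_include is On.
function render_vulnerable(string $page): void
{
    include $page;
}

// Hardened pattern: the parameter is only a lookup key; the server supplies the path.
const PAGES = ['about.php' => 'about.php', 'contact.php' => 'contact.php'];

function resolve_page(string $page, string $baseDir): ?string
{
    if (!array_key_exists($page, PAGES)) {
        return null; // not listed: covers file:// and http:// values
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$page]);
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must sit inside the pages directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary pages directory and sample parameter values.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fi_demo_' . getmypid();
if (!is_dir($base)) {
    mkdir($base);
}
foreach (array_keys(PAGES) as $name) {
    file_put_contents($base . DIRECTORY_SEPARATOR . $name, "page $name");
}
$samples = [
    'about.php',
    'contact.php',
    'file:///C:\Users\hmmm\Desktop/index.html', // value from the tutorial's URL
    'http://example.invalid/index.html',        // constructed remote value
];
foreach ($samples as $value) {
    $path = resolve_page($value, $base);
    printf("%-42s => %s\n", $value, $path === null ? 'rejected' : 'include ' . basename($path));
}
array_map('unlink', glob($base . DIRECTORY_SEPARATOR . '*')); // remove the demo files
rmdir($base);
```

Only resolve_page() is called in the demo; render_vulnerable() is shown for comparison and is never run.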