DVWA file inclusion

Previous Next

Execute commands on a Operating system via a website

What is File inclusion attack

A page of the mind which is visible after being included, then we attack the file exclusively.

for example a page = about.php Is available, but when you click on the contact, then the page = contact.php is accessible. This means that this page is being shown by being included.

💡 In such places, we attack using the file inclusion, we can include it in two ways, see the example for this

Security Low, medium, high

First way : Local inclusion

Syntax : /dvwa/vulnerabilities/fi/?page=< insert file with location>

  1. First of all, you create a file that you need to include and save it on desktop or anywhere.
  2. Then follow the given syntax like page = location of file with name and extension.
  3. This May I am giving an example of inserting a page from my local Pesonal computer which is saved on my desktop
  4. You try on your computer
//My file is saved on the computer desktop under the name index.html C:\Users\hmmm\Desktop/index.html

My URL : http://localhost/dvwa/vulnerabilities/fi/?page=file:///C:\Users\hmmm\Desktop/index.html

My included page look like this.

Second way : Remote inclusion

Syntax : /dvwa/vulnerabilities/fi/?page=< insert Remote file with location>

//My file is saved on the local server under the name index.html

Previous Next
cybNg Designed for learning, testing and training. Examples are simplified to improve reading and basic understanding, tutorials and examples are constantly reviewed to avoid over-comprehension and errors, but we cannot warrant the complete accuracy of all content. While using this site, you agree to read and accept our use, cookie and privacy policy. All the information given in it is made for education purpose only, there will be no responsibility of this website or this organization for misuse of the information given in it. We hope that all the information provided in it is good for our students. So that it helps improve the cyber world.