Commit 9aebc10c authored by bobloblaw's avatar bobloblaw
Browse files

Updates local_file_inclusion.md 

Auto commit by GitBook Editor
parent d0b1ee96

SUMMARY.md

+1 −1
Original line number Diff line number Diff line
@@ -39,7 +39,7 @@ 
        * [WAF - Web application firewall](waf_-_web_application_firewall.md)

        * [Attacking the System](lead_to_compromise.md)

            * [Local File Inclusion](local_file_inclusion.md)

            * [Remote file inclusion](remote_file_inclusion.md)

            * [Remote File Inclusion](remote_file_inclusion.md)

            * [Hidden Files and Directories](web-scanning.md)

            * [SQL-injections](sql-injections.md)

            * [Nosql-injections](nosql-injections.md)

local_file_inclusion.md

+1 −1
Original line number Diff line number Diff line
@@ -171,7 +171,7 @@ Found in the home-directory 


Under the right circumstances you might be able to get a shell from a LFI



### Log poising

### Log poisoning



There are some requirements. We need to be able to read log files. In this example we are going to poison the apache log file. You can use either the success.log or the error.log

remote_file_inclusion.md

+1 −1
Original line number Diff line number Diff line 
# Remote file inclusion

# Remote File Inclusion



A remote file inclusion vulnerability lets the attacker execute a script on the target-machine even though it is not even hosted on that machine.