LFI (Local File Inclusion) Attack: Basic Concept and Understanding
Written by: Abdullah Al Mahmud Rafsan
Local File Inclusion (LFI) is a common web application vulnerability that lets an attacker make the server include, and thereby read or execute, files from its own filesystem simply by changing a request parameter. It arises when a web application builds a file path from user input and passes it to an include or file-read function without properly validating or restricting that input.
Example:
A typical URL carries a parameter such as page=home. Here, page=home means the server is including a file, typically home.php.
If the server does not properly validate the value of that parameter, an attacker can manipulate it to point at sensitive files.
Example of an LFI Attack:
An attacker could replace the parameter value with a directory traversal sequence such as ../../../../etc/passwd.
This would make the server include the /etc/passwd file, which on Linux systems lists the local user accounts (usernames, UIDs, home directories and login shells). The file is world-readable by design, which is exactly why it is the standard first test for a suspected LFI.
How does LFI work?
- The application directly uses user-supplied input in file paths.
- Lack of sanitization allows attackers to use directory traversal sequences like ../.
- Attackers can then move up directories and include sensitive files.
Common Payloads:
- ../../../../etc/passwd
- ....//....//....//....//etc/passwd (survives a filter that strips "../" once: removing "../" from "....//" leaves "../")
- %2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd (URL-encoded version; %2e is ".", decoded by the web server before the application sees it)
What Can Be Achieved Through LFI?
- Reading sensitive server files
- Session hijacking by including session files
- Potential Remote Code Execution (RCE) under special circumstances (e.g., log file poisoning)
How to Prevent LFI?
- Always validate and sanitize user input strictly.
- Use a whitelist approach: map the parameter to a fixed set of known files and refuse anything else. This is the primary control; the others below are defence in depth.
- Do not rely on blocking traversal patterns like ../ by string replacement, since the payloads above show how easily that is bypassed. Instead, canonicalize the final path (e.g. with realpath) and verify it still lies inside the intended directory.
- Set correct file and directory permissions on the server, so that the web server process cannot read files it has no business serving even if the application is tricked.
Real-Life Example:
In 2010, a major online forum suffered a massive data breach due to an LFI vulnerability. Attackers exploited the flaw to access sensitive files and leaked thousands of user records. This shows how devastating LFI can be if not properly handled.
Conclusion:
As cybersecurity professionals, it is our responsibility to identify vulnerabilities like LFI before attackers do. Strengthening input validation and securing file access are critical steps towards building a safer internet.