Category: Attack Methodologies

Local File Inclusion (LFI) can occur within an application when input can affect what file is “included”. If the contents of a file are displayed, this could provide the attacker the opportunity to view files (maybe even sensitive ones) within the file system. Example Consider the following HTTP request to display a list of movies:…