By | October 26, 2020

This article explains the Local File Inclusion (LFI) vulnerability, also known simply as the File Inclusion vulnerability, and walks through everything practically.

The vulnerability is shown on a live website as well as on the Xtreme Vulnerable Web Application (XVWA), and the use of a tool is also covered.

Some information has been hidden here. As you may know, a live website cannot legally be attacked in this way; the live site appears only as a demo, and anything beyond that would be illegal.

Note – This article is only for educational purposes. Don't misuse your knowledge and skills.

What is Local File Inclusion Vulnerability?

As the name suggests, Local File Inclusion is a bug that lets hackers access the internal files of a website's server. This article explains how that is done.

One thing to know before the practical part: this attack relies on a lot of payloads, much like the XSS payloads used in Cross Site Scripting attacks.

In simple terms, this bug lets hackers view files on a website's local server that are not meant to be publicly accessible.

If you find a Local File Inclusion vulnerability in a website, you can earn a bounty by reporting it; if it is misused, the website owner suffers a lot of damage.

With a good knowledge of payloads, an attacker can access all the files kept in the database, so a lot of personal data is leaked along with the users' data.

Local File Inclusion Vulnerability (Practical)

First, Local File Inclusion is demonstrated in XVWA. As the image shows, XVWA offers a File Inclusion option.

Clicking the "click here" button opens a file, and the file also appears in the URL address. This is where hackers attempt a Local File Inclusion attack.

Another file can be requested through the URL itself. Here, by entering another folder of XVWA in the URL, a different file is opened; any other file on the local server can be opened the same way.

To do this you need knowledge of the database; only then can you find Local File Inclusion in a website. As the image shows, a file from another folder has been opened this way.

Lists of LFI payloads are easy to find on Google and on GitHub, but performing this attack takes a lot of practice, and you should use Burp Suite for it.

On the live website, a random directory was entered. The site returns an error that also reveals a directory path, and that directory really does exist on the website.

What is Directory Path Traversal

One thing to be clear about: a "permission denied" message here means the directory exists on this website, while a "failed to open" message means the directory does not exist.

Here a file has been opened through the URL address, as the image shows. How it was found cannot be explained completely here; there are some limitations.

This was shown to help you understand how Local File Inclusion works on a real website. Remote File Inclusion can be found in websites in a similar way; it will be covered later.
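Both behaviours shown above, opening a file from another folder through the URL and telling "permission denied" apart from a missing path, come from the server using the URL value directly as a file path. The following Python sketch is an added example, not code from XVWA or from the original article; the function names and the `pages`/`secret` layout are assumptions constructed for the demonstration. It resolves the requested name inside one allowed directory and returns the same result for every kind of failure.

```python
import os
import tempfile

def resolve_include(base_dir, requested):
    """Return the real path of `requested` if it is a readable file under base_dir.

    Traversal, a missing file and an unreadable file all return None, so the
    caller can send one generic error and not reveal which paths exist.
    """
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks before the comparison;
    # an absolute `requested` replaces base in join() and is caught the same way.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None  # resolved outside the allowed directory
    if not os.path.isfile(candidate) or not os.access(candidate, os.R_OK):
        return None
    return candidate

def build_demo_tree():
    """Constructed sample layout: <root>/pages/home.txt and <root>/secret/config.txt."""
    root = tempfile.mkdtemp()
    for rel in ("pages/home.txt", "secret/config.txt"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(rel)
    return root

def demo():
    """Run four constructed requests against the pages/ directory."""
    root = build_demo_tree()
    pages = os.path.join(root, "pages")
    requests = ["home.txt", "../secret/config.txt",
                os.path.join(root, "secret", "config.txt"), "missing.txt"]
    return [(r, resolve_include(pages, r) is not None) for r in requests]

if __name__ == "__main__":
    for name, served in demo():
        print("served       " if served else "generic error", name)
```

In PHP, the language XVWA is written in, the same check is usually built from realpath() plus a directory-prefix comparison, or replaced by a fixed allow-list of page names.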

Local File Inclusion can also be found with the help of tools. One such tool is covered here; there are many similar tools.

First download and install the tool, as shown in the image; after that you can use it: git clone https://github.com/S1lkys/Auto_LFI

After starting the tool, set the target and give the path of the file, and the attack starts. The file contains the same addresses that can be used from the directory.

As the image shows, this tool works like a brute-force attack: it finds URL addresses that help open hidden directory files.

If you are wondering what is in the file, you can open it and look: it contains the same paths that were used to show the directory on the live website.
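Because a tool of this kind works like a brute-force attack, it leaves a recognisable trace in the web server's access log: one client sending many different path values in the same request parameter. The following Python sketch is an added example, not part of Auto_LFI or of the original article; the log lines, the `/app/view.php?file=` URL, the addresses and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Common/combined access-log format: client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')

# Constructed sample log lines (documentation address ranges, hypothetical URL).
SAMPLE_LOG = """\
203.0.113.7 - - [26/Oct/2020:10:00:01 +0000] "GET /app/view.php?file=readme.txt HTTP/1.1" 200 812
198.51.100.23 - - [26/Oct/2020:10:00:02 +0000] "GET /app/view.php?file=../a/notes.txt HTTP/1.1" 200 0
198.51.100.23 - - [26/Oct/2020:10:00:02 +0000] "GET /app/view.php?file=..%2f..%2fb%2fnotes.txt HTTP/1.1" 200 0
198.51.100.23 - - [26/Oct/2020:10:00:03 +0000] "GET /app/view.php?file=%252e%252e%252fc%252fnotes.txt HTTP/1.1" 200 0
203.0.113.7 - - [26/Oct/2020:10:00:09 +0000] "GET /app/view.php?file=../img/logo.png HTTP/1.1" 200 90
"""

def suspicious_values(url):
    """Yield decoded query-string values that contain a ../ or ..\\ sequence."""
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        decoded = unquote(value)  # parse_qsl decoded once; decode again for double encoding
        if TRAVERSAL_RE.search(decoded):
            yield decoded

def find_lfi_scanners(log_text, threshold=3):
    """Return {client_ip: sorted distinct traversal values} for clients at or above threshold."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not an access-log line in the expected format
        ip, url, _status = match.groups()
        seen[ip].update(suspicious_values(url))
    return {ip: sorted(vals) for ip, vals in seen.items() if len(vals) >= threshold}

if __name__ == "__main__":
    for ip, values in find_lfi_scanners(SAMPLE_LOG).items():
        print(ip, "sent", len(values), "distinct traversal values:", values)
```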

The Conclusion

I hope you now know about Local File Inclusion Vulnerability. Everything here has been shown practically. This is how hackers find Local File Inclusion bugs.

One thing to be clear about: an attack is not always carried out in exactly the way described here. We can guide you about an attack, but how it is performed depends on you.

It all depends on practice, so learn about an attack and try to understand it more deeply. Doing so improves your skills and only benefits you.

I hope that you will not misuse any of the methods mentioned here. All of this has been explained for educational purposes, and you can use it for bug bounty work.

If you have any question about the Local File Inclusion attack, ask in a comment and we will help you.
