Sunday, January 11, 2015

File inclusion vulnerability (PHP Object Injection)

A file inclusion vulnerability is a type of vulnerability most often found on websites. It allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs when user-supplied input is used without proper validation. This can lead to something as minimal as outputting the contents of the file or more serious events such as:
PHP injection or PHP Object Injection is an application-level vulnerability that allows an attacker to perform various kinds of malicious attacks, such as SQL Injection, Application Denial of Service, Code Injection and Path Traversal, depending on the context. The vulnerability generally occurs when user-supplied input is not properly sanitized before being passed to the PHP unserialize() function (which takes a single serialized variable and converts it back into a PHP value). PHP's object serialization feature allows attackers to pass serialized strings to a vulnerable unserialize() call, which results in arbitrary PHP object injection into the scope of the application. A serialized string is a storable representation of a value.

<?php include("inc/" . $_GET['file']); ?>
  • Including files in the same directory:
    ?file=.htaccess
  • Path Traversal:
    ?file=../../../../../../../../../var/lib/locate.db
    (this file is of particular interest because it is the locate database, which lets you search the filesystem for other files)
  • Including injected PHP code:
    ?file=../../../../../../../../../var/log/apache/error.log
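
A hardened counterpart to the include above, as an added example that is not part of the original post: the request value is used only as a key into an allow-list, and the resolved path is then checked to lie inside the include directory. The function name resolve_include(), the page names and the temporary inc/ directory are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. The page names, the inc/
// layout and resolve_include() are assumptions made for illustration.
/**
 * Map a ?file= value to an absolute path inside $baseDir, or null if refused.
 * $pages is the allow-list: request value => fixed file name.
 */
function resolve_include(string $requested, string $baseDir, array $pages): ?string
{
    // 1. The request value is only a lookup key; it never becomes part of a path.
    if (!array_key_exists($requested, $pages)) {
        return null;
    }

    // 2. Defence in depth: canonicalise and confirm the target is under $baseDir,
    //    so a symlink or a bad allow-list entry cannot escape the directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $pages[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway inc/ directory and the request values from the post.
$inc = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($inc, 0700, true);
file_put_contents($inc . '/home.php', "<?php echo 'home';\n");
file_put_contents($inc . '/.htaccess', "Deny from all\n");

$pages  = ['home' => 'home.php'];
$values = [
    'home',
    '.htaccess',
    '../../../../../../../../../var/lib/locate.db',
    '../../../../../../../../../var/log/apache/error.log',
];
foreach ($values as $value) {
    $path = resolve_include($value, $inc, $pages);
    printf("%-52s => %s\n", $value, $path === null ? 'refused' : 'include ' . $path);
}
// Remove the throwaway files created for the demo.
unlink($inc . '/home.php');
unlink($inc . '/.htaccess');
rmdir($inc);
```

In a real page script the returned path, when not null, is what gets passed to include; a null result should produce a 404 rather than a fallback include.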
