LFI (Local File Inclusion)
What is LFI or Local File Inclusion?
This Description from Wikipedia
is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected
Example of Php Vulnerable script
<?php $file = $_GET['file'];
if(isset($file))
{
include("pages/$file");
}
else
{
include("index.php");
}
So...
