LFI & RFI/Vulnerability Scanning Notes

Local File Inclusion and Remote File Inclusion

A path traversal attack aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with "dot-dot-slash (../)" sequences, or by using absolute file paths, it may be possible to access files the application never intended to expose. Local File Inclusion (LFI) and Remote File Inclusion (RFI) are web application security vulnerabilities that allow attackers to include malicious files, either locally on the server (LFI) or from a remote location (RFI).

Directory Traversal

  • The web application doesn't properly validate user input.

  • The attacker can read files without authorization.

  • The most well-known (and easiest) method is the ../ (or ..\ on Windows) sequence.

Directory Traversal vs File Inclusion

LFI/RFI has the ability to execute a file; it may be shell code or another local file that exists on the system.

Directory traversal only traverses the files. This is a read-only operation; we aren't actually executing anything.
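As an added example (not part of the original notes), the Python below shows the vulnerable concatenation pattern beside a hardened resolver that decodes, normalises and confines the requested path to an assumed web root of /var/www/html; the function names and the web root are hypothetical.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed web root for this example; a real application would read it from config.
WEB_ROOT = "/var/www/html"


def naive_include_path(user_param: str) -> str:
    # Vulnerable pattern: the request parameter is concatenated onto the
    # web root with no validation, so "../" sequences walk out of it.
    return WEB_ROOT + "/" + user_param


def where_naive_lands(user_param: str) -> str:
    # Shows the file the naive version would actually open once the
    # operating system collapses the "../" components.
    return posixpath.normpath(naive_include_path(user_param))


def safe_include_path(user_param: str) -> Optional[str]:
    # Hardened version: decode once (percent-encoded "../" is common),
    # reject NUL bytes, backslashes and absolute paths, normalise, and then
    # check that the result still sits under WEB_ROOT. commonpath() is used
    # instead of startswith() so that "/var/www/htmlx" is not mistaken for
    # a child of "/var/www/html".
    decoded = unquote(user_param)
    if "\x00" in decoded or "\\" in decoded:
        return None
    if posixpath.isabs(decoded):
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate


if __name__ == "__main__":
    for param in ["pages/about.html", "../../../etc/passwd",
                  "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"]:
        print(f"{param!r}: naive -> {where_naive_lands(param)}, "
              f"safe -> {safe_include_path(param)}")
```

The confinement check only addresses local traversal; RFI is stopped by never passing user input to an include that accepts URLs (for example by mapping a parameter to an allowlist of known pages).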

Vulnerability Scanning

A technique used to identify hosts/host attributes and associated vulnerabilities.

Pros

  • Fast

  • Less expensive than a pen test

  • Used by pentesters during a time-boxed engagement

  • Can usually be automated

Cons

  • Not as thorough

  • False positives

  • Ratings can be subject to change, depending on:

    • Environment

    • Configuration

    • Data

  • Not stealthy by default

Types of Vulnerability Scanners

  • OpenVAS

  • Nessus

  • Rapid7

Web Application

  • Nikto

  • Burp Suite

  • ZAP
