Local File Inclusion

Post by Kataclysmic on Wed Oct 16, 2013 11:41 pm

I run a site called http://lawofcode.com and I have recently made two articles on a web vulnerability that I find myself pretty familiar with. I was just interested to see what people thought about them so I could see anything that I may be missing (or may not know) from the articles so I can help educate people better. The two articles are here:
http://lawofcode.com/article.php?id=3 << How to exploit LFI
http://lawofcode.com/article.php?id=4 << How to protect against it.
Also let me know if there is anything I am flat out wrong about or am not really showing the full picture of. Thanks :)
http://lawofcode.com
What will you learn?


Re: Local File Inclusion

Post by LoGiCaL__ on Sat Oct 19, 2013 12:42 pm

Just a heads up. None of those links are active :cry:


Re: Local File Inclusion

Post by CollinJSimpson on Sat Oct 19, 2013 12:55 pm

Looks like someone got to it first :P


Re: Local File Inclusion

Post by Kataclysmic on Sat Oct 19, 2013 1:55 pm

LoGiCaL__ wrote: Just a heads up. None of those links are active :cry:

Check back on the 20th. Host shut me down because of SQLi attempts by people :P


Re: Local File Inclusion

Post by mShred on Sat Oct 19, 2013 2:25 pm

Kataclysmic wrote: Check back on the 20th. Host shut me down because of SQLi attempts by people :P

Good deal. You could always redirect to a "Maintenance" kinda page. That way you don't have to completely shut down your site.
Also with this and the other thread. Security is huge when it comes to creating a website. You want to code the site with security being a priority right from the beginning. Rather than going back in and seeing all of the vulnerabilities, try and know how to prevent these things before/while you're coding. It'll save you from having to go back and it'll produce better code.
But +1 on it all too. Lookin forward to checkin it out.
For those about to rock.