File Inclusion Attacks

GPTKB entity

Statements (23)
Predicate Object
gptkbp:instanceOf Cybersecurity Vulnerability
gptkbp:affects Web Applications
gptkbp:cause gptkb:Privilege_Escalation
Remote Code Execution
Information Disclosure
gptkbp:commonIn PHP Applications
gptkbp:detects gptkb:Dynamic_Application_Security_Testing
Static Code Analysis
gptkbp:example Including /etc/passwd in Unix systems
Including http://evil.com/shell.txt
gptkbp:exploits Improper Input Validation
gptkbp:firstDescribed Early 2000s
https://www.w3.org/2000/01/rdf-schema#label File Inclusion Attacks
gptkbp:mitigatedBy Whitelisting File Paths
Disabling Remote File Access
Input Sanitization
gptkbp:relatedTo Command Injection
Directory Traversal
gptkbp:riskFactor High
gptkbp:type gptkb:Local_File_Inclusion
gptkb:Remote_File_Inclusion
gptkbp:bfsParent gptkb:fire
gptkbp:bfsLayer 4