1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

PHP Remote File Inclusion

Variants:
Direct Persistent Session 

Also Known As:
Malicious File Execution

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
PHP

Target Type:
Web Application

Affected Mechanisms:
Input Validation, Secure Design

Invented In:
07/02/2001

Added In:
17/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious inputs can introduce external remote content or external server code into the application


Direct Variant:

PHP Remote File Inclusion

Variant Title:
PHP Remote File Inclusion

Typical Severity:
Critical

Resources:

Wiki

CWE

CAPEC

WASC

Vulnerapedia

OWASP Top10

OWASP Testing Guide

Hakipedia

Other I

White Papers:

Paper I

Paper II

Paper II

Learn More:





Persistent Variant:

Stored PHP Remote File Inclusion

Also Known As:
Persistent PHP Remote File Inclusion

Typical Severity:
Critical

Resources:

White Papers:

Learn More:


Session Variant:

PHP Remote File Inclusion via Session Puzzling

Also Known As:
Session PHP Remote File Inclusion

Typical Severity:
Critical

Resources:

White Papers:

Learn More:




TECAPI ©

Join