Beginner Guide to File Inclusion Attack (LFI/RFI)

With the include() function, you can insert the content of one PHP file into another PHP file before the server executes it. The function can be used to create functions, headers, footers or elements that will be reused on multiple pages.

This makes it easy for developers to change the layout of a complete website with minimal effort.

If a change is required, then instead of changing thousands of files, just change the included file.

Assume we have a standard footer file called "footer.php" that looks like this:

<?php
echo "<p>Copyright &copy; 2010-" . date("Y") . " hackingartices.in</p>";
?>

To include the footer file in a page, use the include statement:

<html>
<body>
<h1>Welcome to Hacking Articles</h1>
<p>Some text.</p>
<p>Some more text.</p>
<?php include 'footer.php';?>
</body>
</html>

Example 2

Assume we have a file called "vars.php", with some variables defined:

<?php
$color='red';
$car='BMW';
?>

 

<html>
<body>
<h1>Welcome to my home page!</h1>
<?php include 'vars.php';
echo "I have a $color $car.";
?>
</body>
</html>

 

Output: I have a red BMW.

PHP Require Function

The require statement is also used to include a file into the PHP code.

However, there is one big difference between include and require; when a file is included with the include statement and PHP cannot find it, the script will continue to execute:

Example 3

<html>
<body>
<h1>Welcome to my home page!</h1>
<?php include 'noFileExists.php';
echo "I have a $color $car.";
?>
</body>
</html>

Output: I have a

If we run the same example with the require statement, the echo statement will not be executed, because script execution dies after the require statement returns a fatal error:

<html>
<body>
<h1>Welcome to my home page!</h1>
<?php require 'noFileExists.php';
echo "I have a $color $car.";
?>
</body>
</html>
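
The difference matters most when the included file carries an access check or configuration: with include, a missing file leaves the rest of the page running without it. The following is an added example, not code from the original article; the file name access_check.php is hypothetical and is deliberately absent to simulate a broken deployment.

```php
<?php
// Added example: fail-open (include) versus fail-closed loading of a file
// the page cannot safely run without.

// Hypothetical guard file; it does not exist in this demo.
$guard = __DIR__ . '/access_check.php';

// Capture warnings instead of printing them, so nothing about the
// filesystem layout is written into the response.
$warnings = [];
set_error_handler(function (int $level, string $message) use (&$warnings): bool {
    $warnings[] = $message;
    return true; // handled here; skip PHP's default error output
});

// 1) include: a missing file only raises warnings and returns false.
//    Execution continues, and anything the file should have defined
//    (checks, variables, functions) is simply not there.
$loaded = include $guard;
echo 'include returned ' . var_export($loaded, true) . "\n";
echo 'warnings captured: ' . count($warnings) . "\n";
echo "the rest of the page would still run at this point\n";

restore_error_handler();

// 2) Fail closed: verify the file before loading it, log the detail on the
//    server side, and send the client a generic error. A bare require also
//    stops the script, but its fatal error message contains the full path
//    and reaches the client when display_errors is enabled.
if (!is_file($guard) || !is_readable($guard)) {
    error_log('mandatory include missing: ' . $guard);
    http_response_code(500);
    exit("Service unavailable\n");
}
require $guard;

// Only reached when the guard file exists and has been loaded.
echo "guard loaded, continuing\n";
```

Run from the command line with `php` to see the first half continue past the missing file and the second half stop before any later code executes.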


Source: www.hackingarticles.in