1
00:00:01,590 --> 00:00:04,290
Hello, everyone, and welcome to this video.

2
00:00:05,190 --> 00:00:11,370
So in this video, we are going to learn about one of the most important vulnerability, which is known

3
00:00:11,370 --> 00:00:12,360
as viral inclusion.

4
00:00:13,200 --> 00:00:21,510
But before starting file inclusion types of attacks, we need to distinguish between a unique vulnerability,

5
00:00:21,900 --> 00:00:27,660
which is sometimes confused with file inclusion, which is known as part traversal.

6
00:00:28,680 --> 00:00:29,250
All right.

7
00:00:29,250 --> 00:00:33,930
So let's jump into this and see what this actually is.

8
00:00:35,400 --> 00:00:40,290
The first question that should arise to your mind is why file inclusion?

9
00:00:41,070 --> 00:00:47,540
Does these types of one's abilities really hold that much of importance then set?

10
00:00:47,550 --> 00:00:55,920
Is this high value target if you are able to identify any final conclusion and to those, for example,

11
00:00:55,920 --> 00:01:01,260
Uber, PayPal, Google, Facebook, etc., then this vulnerability.

12
00:01:02,250 --> 00:01:09,750
Has the CBO scored, which lies in the range of high to critical, so what actually is final inclusion?

13
00:01:10,560 --> 00:01:17,070
So this vulnerability exist when any Web application includes a file without correctly sanitizing the

14
00:01:17,070 --> 00:01:25,650
input, which allows the attacker to manipulate the input and inject part traversal characters and include

15
00:01:25,650 --> 00:01:33,090
other files from the Web server, which basically means you need to identify an injection point and

16
00:01:33,090 --> 00:01:35,700
you need to include any file from the server.

17
00:01:36,560 --> 00:01:42,920
And if the server gives you that particular file, then, yes, you have successfully identified a file

18
00:01:42,920 --> 00:01:50,180
inclusion based vulnerabilities abilities now to make the situations more worse, you can include some

19
00:01:50,180 --> 00:01:56,450
of the sensitive files from the server, which will hold a lot of security and make the book critical.

20
00:01:57,950 --> 00:02:04,790
All right, so I have demonstrated a diagram over here in which you can see on the left hand side is

21
00:02:04,790 --> 00:02:05,540
the attacker.

22
00:02:05,930 --> 00:02:11,940
On the right hand side is the server, which may be one labeled two part traversal or file inclusion.

23
00:02:13,370 --> 00:02:18,860
So the first thing that will happen over here is the attacker is going to send a request to the server

24
00:02:19,310 --> 00:02:23,130
and in return, the server is going to reply with a response.

25
00:02:23,840 --> 00:02:31,730
Now, in part, traversal based vulnerability's attacker is able to read one of the file from the server.

26
00:02:32,150 --> 00:02:37,970
For instance, if the given server is running onto a Linux based operating systems, then the attacker

27
00:02:37,970 --> 00:02:41,780
is able to read that possibility or the ADC shadow file.

28
00:02:42,650 --> 00:02:50,630
And if the system is running on a Windows based computer, then the attacker can read the log file or

29
00:02:50,660 --> 00:02:52,140
the Butut any file.

30
00:02:53,360 --> 00:02:53,900
All right.

31
00:02:55,310 --> 00:03:04,640
Now, to understand this mode and to get a clear picture of what is the difference between part traversal

32
00:03:04,640 --> 00:03:11,120
and file inclusion, you can see this figure in which you can see there are two circles, the outer

33
00:03:11,120 --> 00:03:12,560
circle and the inner circle.

34
00:03:13,310 --> 00:03:16,610
The Outer Circle represents file inclusion.

35
00:03:18,050 --> 00:03:23,670
The inner circle represents, which is a subset part traversal.

36
00:03:24,560 --> 00:03:31,940
So this basically means file inclusion based vulnerability's is the combination of parts traversal plus

37
00:03:31,940 --> 00:03:37,550
execute files, which basically means in file inclusion.

38
00:03:37,700 --> 00:03:44,410
You're able to read the files from any server and also you're able to execute files as well.

39
00:03:45,110 --> 00:03:50,260
And if able to execute the files, then you have found a valid file, inclusion based vulnerability.

40
00:03:50,960 --> 00:03:52,670
So I hope this is clear with everyone.

41
00:03:53,150 --> 00:04:01,580
And you know, now that that the bot traversal is a subset of file inclusion and file inclusion, you

42
00:04:01,580 --> 00:04:05,680
can also execute the files onto the server in the next video.

43
00:04:05,690 --> 00:04:12,260
So we are going to see how you can demonstrate a file inclusion and part traversal like vulnerabilities

44
00:04:12,260 --> 00:04:13,430
onto any given server.

45
00:04:13,880 --> 00:04:14,420
Thank you.