1
00:00:00,420 --> 00:00:09,390
First of all, I would like to say that the LFI and RFI vulnerabilities are found much more frequently

2
00:00:09,810 --> 00:00:19,350
in Web applications developed in PHP or Java than other technologies due to the use that is made of

3
00:00:19,350 --> 00:00:22,800
the function include in these languages.

4
00:00:23,430 --> 00:00:29,090
Let's see some examples to understand where these vulnerabilities come from.

5
00:00:31,800 --> 00:00:40,800
Take the example shown in the slide, the PHP Web page through a combo box allows you to select the name

6
00:00:40,800 --> 00:00:48,600
of a language, and when the page is reloaded, this name is used to generate the name of a file that

7
00:00:48,600 --> 00:00:52,860
is loaded via the include function server-side.

8
00:00:53,730 --> 00:01:03,120
The vulnerability stems from the fact that the GET language variable is not validated before being

9
00:01:03,120 --> 00:01:05,700
used to determine the file name.

10
00:01:07,420 --> 00:01:15,490
So if an attacker sets the value of the language parameter in the query string to a local path or

11
00:01:15,490 --> 00:01:24,940
to a remote URL, in the absence of validation of the parameter value, it opens the site to LFI

12
00:01:24,970 --> 00:01:27,910
or RFI vulnerabilities.

13
00:01:30,890 --> 00:01:39,950
Here we see another example of a Java page vulnerable to an LFI/RFI due to lack of validation of the

14
00:01:39,950 --> 00:01:44,930
path created by passing parameter p to the page.

15
00:01:48,210 --> 00:01:57,710
In general, the remedy for these vulnerabilities consists in verifying the path that is determined

16
00:01:57,780 --> 00:02:07,500
through data input based on a white-list of eligible paths, discarding any other path value that does

17
00:02:07,500 --> 00:02:11,850
not fall within the white-list of acceptable paths.

18
00:02:14,590 --> 00:02:17,050
Thank you for your kind attention.