1
00:00:00,300 --> 00:00:00,800
Hello.

2
00:00:01,260 --> 00:00:07,020
We'll see in this session two laboratories related to local file inclusion and remote file inclusion.

3
00:00:07,050 --> 00:00:13,410
Let's start from the local file inclusion lab. In this page, through the Load button, the content of

4
00:00:13,410 --> 00:00:21,200
a static HTML page is loaded with postback to the page itself.

5
00:00:23,030 --> 00:00:26,900
So let's see which static page I refer to.

6
00:00:28,710 --> 00:00:36,630
The page that loads is the datiLFI.html with this static content, you see.

7
00:00:38,860 --> 00:00:44,350
This page is inside the virtual directory of the Web application.

8
00:00:45,940 --> 00:00:54,790
And this is the behaviour that the programmer would expect, that is, loading the content of this static page.

9
00:00:57,700 --> 00:00:59,400
If the vulnerability is present,

10
00:00:59,420 --> 00:01:07,970
what can the malicious attacker do? A malicious attacker can change the path value of the file to

11
00:01:07,970 --> 00:01:12,080
be loaded, assigned to the ID parameter.

12
00:01:15,960 --> 00:01:25,290
By inserting a local path relating to a file present on the server, when the page is reloaded, its content

13
00:01:25,500 --> 00:01:26,880
is seen.

14
00:01:28,570 --> 00:01:36,160
In this way, the malicious attacker, knowing files in known positions on the server's file system, could read

15
00:01:36,160 --> 00:01:38,310
the contents at will.

16
00:01:41,310 --> 00:01:41,990
OK.

17
00:01:44,660 --> 00:01:48,350
Let's see how we can remedy this vulnerability.

18
00:01:48,560 --> 00:01:55,400
Let's go to the source code of the page that processes the content of the static file.

19
00:01:56,280 --> 00:01:56,880
And

20
00:01:58,030 --> 00:01:59,560
we can

21
00:02:01,200 --> 00:02:08,040
uncomment a Switch construct that verifies that the file to be loaded falls into a white-list

22
00:02:08,220 --> 00:02:13,860
of admissible paths; in any other case, the file is not loaded.

23
00:02:16,090 --> 00:02:22,210
Now, let's try to rerun the laboratory, having applied the mitigation.

24
00:02:24,070 --> 00:02:32,020
And we should see that the access to unexpected files will no longer be possible.

25
00:02:32,960 --> 00:02:38,420
So let's see, I run the laboratory again.

26
00:02:40,450 --> 00:02:52,240
And I try again the malevolent injection of an illegal path, but as you can see this time, the

27
00:02:52,240 --> 00:03:01,780
attack is not successful, and the content of the illegal file is no longer accessible.

28
00:03:03,110 --> 00:03:08,360
We can also see a similar example for the remote file inclusion vulnerability.

29
00:03:09,400 --> 00:03:16,600
The programmer expects to load again the same static page, but in the form of a URL. The

30
00:03:16,600 --> 00:03:20,510
URL that the programmer expects is that of the application.

31
00:03:20,530 --> 00:03:27,100
But if the RFI vulnerability is present, a malicious attacker

32
00:03:28,160 --> 00:03:34,810
could force the application to load the resource from a remote URL.

33
00:03:35,970 --> 00:03:43,620
So we can try to inject a remote URL and force the application to load that resource.

34
00:03:45,580 --> 00:03:46,240
And.

35
00:03:47,670 --> 00:03:50,670
Here is the result.

36
00:03:52,030 --> 00:03:52,870
You can see now.