Web Exploitation
Local File Inclusion (LFI) & Remote File Inclusion (RFI)
What is LFI & RFI?
LFI and RFI vulnerabilities exist when a web page allows user input to specify a file path to be loaded onto a page. With local file inclusion (LFI), the attacker can exploit this to view local files on the server. Remote file inclusion (RFI) allows the attacker to load a…
SQL Injection
What is SQL Injection?
SQL Injection is a security vulnerability that exists when an input field on a web page interacting with an SQL database fails to properly sanitize the input. An attacker can exploit this by injecting malicious SQL code, tricking the server into executing arbitrary queries.
Demonstration
This write-up will…
