1
00:00:00,290 --> 00:00:06,560
In this video, we are going to see what file inclusion is and we are going to solve the low-difficulty

2
00:00:06,590 --> 00:00:09,650
file inclusion challenge on Damn Vulnerable Web Application.

3
00:00:11,110 --> 00:00:11,890
File inclusion

4
00:00:11,890 --> 00:00:17,050
vulnerability is a type of vulnerability that allows an attacker to include a file, usually through

5
00:00:17,050 --> 00:00:21,280
a script on a web server that is not properly checked for validity.

6
00:00:21,700 --> 00:00:28,090
This can also allow an attacker to execute arbitrary code, including PHP code on the server, potentially

7
00:00:28,090 --> 00:00:29,470
leading to server compromise.

8
00:00:30,650 --> 00:00:33,590
Now there are two main types of file inclusion vulnerabilities.

9
00:00:33,920 --> 00:00:39,650
The first is local file inclusion that allows an attacker to include files that are stored locally on

10
00:00:39,650 --> 00:00:40,340
the server.

11
00:00:41,890 --> 00:00:47,680
Then remote file inclusion, which allows an attacker to include files from a remote server such as

12
00:00:47,680 --> 00:00:48,620
through a URL.

13
00:00:52,620 --> 00:00:57,600
You should be on Linux or Parrot OS in VMware VirtualBox or running natively on your PC.

14
00:00:59,990 --> 00:01:03,410
Go to settings and set the difficulty to low.

15
00:01:06,630 --> 00:01:11,070
Click on the first file. We can see that the file name is included in the URL.

16
00:01:11,340 --> 00:01:15,000
Now we can provide any file name that is on the system to open it.

17
00:01:15,240 --> 00:01:20,520
For example, we can check the passwd file as under and open the password file on the system that contains

18
00:01:20,520 --> 00:01:21,630
the user details.

19
00:01:25,820 --> 00:01:27,770
Now let's see the actual demonstration.

20
00:01:30,920 --> 00:01:34,280
First of all, set the security level to low.

21
00:01:35,690 --> 00:01:37,280
Go to the file inclusion tab.

22
00:01:39,670 --> 00:01:45,730
And you can see that if we click any file on the server, it will execute on the server and we can also

23
00:01:45,730 --> 00:01:47,530
see the file name in the URL.

24
00:01:51,320 --> 00:01:56,960
If we replace the file name with the complete path of the password file, we can get the details of users.

25
00:01:59,770 --> 00:02:03,040
And you can see that all details of users have been displayed.

26
00:02:05,870 --> 00:02:09,320
Which means the site is vulnerable to a local file injection attack.