This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

PHP File Inclusion

From OWASP
Revision as of 14:50, 5 November 2008 by KirstenS (talk | contribs)

Jump to: navigation, search 
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


ASDR Table of Contents


Last revision (mm/dd/yy): 11/5/2008

Description

PHP as many other languages allow the inclution of files in order to provide or extend the functionality of the current file.

Risk Factors

TBD


Examples

<?PHP include '/path/filename.php'; include_once 'path/filename.class.php'; require '../path/filename.inc'; require_once 'filename.inc.php'; ?>

Related Attacks

  • Remote file inclusion using variables from the request POST or GET


Related Vulnerabilities

Related Controls


Related Technical Impacts


References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg:

Retrieved from "https://wiki.owasp.org/index.php?title=PHP_File_Inclusion&oldid=45891"