LFI in parameter
File path fuzzing in query parameters and request body to identify potential Local File Inclusion vulnerabilities.
Local File Inclusion (LFI)
How this template works
APIs Selection
The template filters requests based on two conditions. It checks if the request payload or query parameter value matches a regular expression pattern that represents a file path. If a match is found, the file path is extracted and stored as a variable called "file_path".
Execute request
The template then modifies the query parameter and body parameter named "file_path" in the request. It replaces the parameter value with a list of predefined file paths from the "wordLists" section of the template.
Validation
After the request is executed, the template validates the response payload using a regular expression pattern. It checks if the response contains a string that starts with "root:" and ends with ":0:0:". If the pattern is matched, the validation is considered successful.
That's it! The template filters requests, modifies parameters, and validates responses to test for potential Local File Inclusion vulnerabilities.
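To see which of your own API parameters this test would pick up, and what a handler must do so the validation never matches, here is an added example (not Akto's template code). The two regular expressions are stand-ins for the patterns the page describes but does not show, the function names are hypothetical, and all sample values are constructed.

```python
import re
from pathlib import Path

# Assumption: the page describes both patterns but does not print them;
# these are stand-ins written for this example.
FILE_PATH_RE = re.compile(r"^(?:\.{0,2}/)?(?:[\w.-]+/)*[\w.-]+\.\w+$")
PASSWD_ROOT_RE = re.compile(r"root:.*:0:0:")  # starts "root:", ends ":0:0:"


def select_params(params):
    """Selection stage: names of parameters whose value looks like a file path."""
    return [name for name, value in params.items()
            if isinstance(value, str) and FILE_PATH_RE.match(value)]


def is_lfi_evidence(response_body):
    """Validation stage: True if the body contains a root passwd-style entry."""
    return bool(PASSWD_ROOT_RE.search(response_body))


def resolve_safe(base_dir, user_path):
    """Hardened lookup: resolve the path and require it to stay inside base_dir."""
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if base != target and base not in target.parents:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return target


if __name__ == "__main__":
    # Constructed sample request parameters and response bodies.
    print(select_params({"id": "42", "template": "reports/2024/summary.pdf"}))
    print(is_lfi_evidence("root:x:0:0:root:/root:/bin/bash\n"))
    print(is_lfi_evidence('{"status": "ok", "owner": "root"}'))
    print(resolve_safe("/srv/app/templates", "invoice.html"))
```

Any parameter that `select_params` returns is one whose value should pass through a check like `resolve_safe` before the server opens a file.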
Frequently asked questions
What is the purpose of the LFI_IN_PARAMETER test in the given array?
What are the potential risks associated with LFI vulnerabilities?
What is the severity level of the LFI_IN_PARAMETER test?
What are the categories and subcategories associated with this test?
What are the tags associated with this test?
What are the references provided for this test?