Difference between directory traversal and file inclusion

Basically, the difference is that with a file inclusion vulnerability, the resource is loaded and executed in the context of the current application. A directory traversal vulnerability on the other hand, only gives you the ability to read the resource.

Example files:

File A is ../../../../configure.php
File B is index.php

There is a difference between being able to traverse up directories to access file A ( for example ) to read its contents, and that of being able to include the contents of file A, whether hosted locally or remotely, into the page execution of another file.

If a directory traversal existed to give the attacker access to file A, they should at least not be able to read the content of it. However if File B has this line in it ( or similar ):

if ( isset( $_GET[ 'id' ] ) ) include( $_GET[ 'id' ] . ".php" );

Then it is possible to have the content of file A included in base64 encoding, into file B in what is called a Local File Inclusion attack.

index.php?id=php://filter/read=convert.base64-encode/resource=../../../../config

That is how I understand the difference to be.

Difference between directory traversal and file inclusion

Tags:

Directory Traversal

Web Application

Related

Recent Posts