Request a Demo

allow_url_include Enabled

Description

This vulnerability was detected using the information from phpinfo() page.
When the “allow_url_include” option is enabled, it is possible to retrieve data from remote places such as servers for uploading files (FTP) or websites using functions like “fopen”.
If a user’s input is not being validated properly, we may be exposed to “remote file inclusion vulnerabilities”.

This may have several different consequences, depending on the included functionality, some examples are :

  • Injection of malicious malware.
  • Information exposure by granting excessive privileges or permissions to the untrusted sources or functions.
  • Stealing user’s saved session data (Cookies).

Recommendation

Disable “allow_url_include” from :

  • For php.ini : allow_url_include = ‘off’
  • For .htaccess : php_flag allow_url_include off.

References

https://www.php.net/manual/en/filesystem.configuration.php

https://cwe.mitre.org/data/definitions/16.html

< Return to all Vulnerabilities

Request a Demo

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

Read More »

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »
Facebook Linkedin

WEB APPLICATION VULNERABILITY SCANNER

Links

registered user?

Log in
Facebook Linkedin