RFI (Remote File Inclusion)
PHP Example
Vulnerable Code:
<?php
// Attacker-controlled value reaches include() with no validation at all
$template = $_GET['template'];
include($template);
?>
Reason for Vulnerability:
The value of the template parameter is passed straight to include(). When allow_url_include is enabled, an attacker can supply the URL of a script on a server they control and PHP will fetch and execute it (RFI). Even with that setting off, which is the PHP default, the same line still permits local file inclusion and path traversal, because nothing constrains what path is included.
Fixed Code:
<?php
$allowed_templates = ['header', 'footer', 'sidebar'];
$template = $_GET['template'] ?? '';
// Strict comparison: the value must be exactly one of the listed names
if (!in_array($template, $allowed_templates, true)) {
    die('Invalid template');
}
// Only the name is user-influenced; the directory and the extension are fixed
include __DIR__ . '/templates/' . $template . '.php';
?>
Reason for Fix:
The fixed code uses an allowlist of template names rather than paths: the user can only pick one of three known names, and the directory, file extension and scheme are fixed by the code. No URL, traversal sequence or stream wrapper can be smuggled in, so neither remote nor local file inclusion is possible.
Example 1: PHP
Vulnerable Code:
<?php
// The url parameter is included as-is: a remote URL, a local path or a wrapper
include($_GET['url']);
?>
Reason for vulnerability: User input is included directly. With allow_url_include enabled this is RFI; without it the line still allows local file inclusion.
Fixed Code:
<?php
$url = filter_var($_GET['url'] ?? '', FILTER_VALIDATE_URL);
// Require https and an exact host match, using strict comparisons;
// parse_url() returns the real host even when userinfo (user@host) is present
if ($url !== false
    && parse_url($url, PHP_URL_SCHEME) === 'https'
    && parse_url($url, PHP_URL_HOST) === 'trusted.com') {
    include($url);
} else {
    die('Invalid URL');
}
?>
Reason for fix: The URL is validated and restricted to an https URL whose host exactly matches the trusted domain. Note that this still depends on allow_url_include being enabled and on trusted.com never serving attacker-controlled content; it is weaker than the local allowlist in the first example and should only be used when remote inclusion is genuinely required.
Example 2: Python
Vulnerable Code:
from flask import Flask, request
import requests

app = Flask(__name__)

@app.route('/fetch')
def fetch():
    url = request.args.get('url')    # attacker-controlled, never validated
    response = requests.get(url)     # the server fetches whatever was supplied
    return response.text
Reason for vulnerability: The server fetches whatever URL the user supplies and returns the body. Strictly this is server-side request forgery (SSRF) rather than file inclusion, since Python does not execute the fetched content, but the root cause is the same as in the PHP examples: an unvalidated user-supplied URL reaching a server-side fetch, which can be pointed at internal hosts the attacker cannot reach directly.
Fixed Code:
from urllib.parse import urlparse
import requests
from flask import Flask, abort, request

app = Flask(__name__)

def is_valid_url(url):
    p = urlparse(url or '')  # '' for a missing parameter fails both checks below
    return p.scheme == 'https' and p.hostname == 'trusted.com'

@app.route('/fetch')
def fetch():
    url = request.args.get('url')
    if not is_valid_url(url):
        abort(400)
    response = requests.get(url, timeout=5, allow_redirects=False)
    return response.text
Reason for fix: is_valid_url() accepts only https URLs whose host exactly matches the trusted domain, so the fetch cannot be pointed at arbitrary or internal hosts. The request also sets a timeout and disables redirects, because a redirect issued by the trusted host would otherwise send the fetch somewhere the check never saw.
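The host check in Example 1 and the is_valid_url() of Example 2 are where these fixes succeed or fail, and a one-line comparison is easy to get subtly wrong. The following is an added example, not code from the original page, showing the checks a practitioner would want in such a validator and exercising them against URL shapes that defeat naive comparisons (userinfo tricks, attacker-owned subdomains, non-standard ports, IP literals, wrong schemes). The allowed host 'trusted.com', the function names is_valid_url() and classify(), and the sample URLs are assumptions constructed for illustration.

```python
"""Hardened allowlist check for a user-supplied fetch URL (stdlib only)."""
import ipaddress
from urllib.parse import urlparse

ALLOWED_HOSTS = {"trusted.com"}   # assumption: the only permitted origin
ALLOWED_SCHEMES = {"https"}       # plain http would let a MITM alter the fetched content
MAX_URL_LEN = 2048


def is_valid_url(url):
    """Return True only for an https URL whose host is exactly an allow-listed name."""
    if not isinstance(url, str) or not url or len(url) > MAX_URL_LEN:
        return False
    try:
        p = urlparse(url)   # raises ValueError for malformed IPv6 brackets
        port = p.port       # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False
    # urlparse lowercases the scheme, so 'HTTPS://' is handled here
    if p.scheme not in ALLOWED_SCHEMES:
        return False
    # .hostname strips userinfo and the port, so 'https://trusted.com@evil.com'
    # yields 'evil.com' and is rejected; it is also already lowercased
    host = p.hostname
    if not host:
        return False
    # A name allowlist must never match an address literal (127.0.0.1, ::1, ...)
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    if port not in (None, 443):
        return False
    # Strip a trailing dot (fully qualified form) before the exact match
    return host.rstrip(".") in ALLOWED_HOSTS


def classify(urls):
    """Map each candidate URL to the validator's verdict."""
    return {u: is_valid_url(u) for u in urls}


# Constructed inputs: only the first two are legitimate shapes of the allowed host
SAMPLES = [
    "https://trusted.com/report.txt",
    "HTTPS://TRUSTED.COM./report.txt",
    "http://trusted.com/report.txt",            # wrong scheme
    "https://trusted.com@evil.com/",            # userinfo trick
    "https://trusted.com.evil.com/",            # attacker-owned subdomain
    "https://evil.com/?x=https://trusted.com",  # allowed name only in the query
    "https://trusted.com:8443/",                # non-standard port
    "https://127.0.0.1/",                       # IP literal (SSRF to localhost)
    "file:///etc/passwd",                       # non-network scheme
    "",
]

if __name__ == "__main__":
    for url, ok in classify(SAMPLES).items():
        print(f"{'ALLOW' if ok else 'DENY':5} {url!r}")
```

The validator deliberately rejects rather than normalises: anything it does not understand (odd ports, address literals, bracket mismatches) fails closed. Two limits remain even with a correct check. The name is resolved by the fetching library, not by this function, so a host that resolves to an internal address, or that issues a redirect, can still move the request; pair the check with allow_redirects=False and a timeout as in the fixed Flask code, and pin the resolved address if the deployment needs to defend against rebinding.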