The Secrets of Exploiting Local and Remote File Inclusion

  • Wednesday, 22 May 2013 4:00AM EDT (22 May 2013 08:00 UTC)
  • Speaker: Justin Searle
Join us for a two part webcast and taste a sample of SANS's new 6-day course SEC642: Advanced Web App Penetration Testing and Ethical Hacking. These webcasts will delve into the secrets of exploiting local file include (LFI) and remote file include (RFI) vulnerabilities. And if you thought LFI and RFI vulnerabilities only affected PHP web applications, think again. We'll take you through the techniques to find and exploit these flaws in .NET, Java, and our good old friend that has long since held the reputation of containing file inclusion vulnerabilities, PHP. We'll reveal tricks how to prevent the web server from executing code in its server-side source files allowing you to retrieve the source code you shouldn't be able to see. We'll also teach you how to get your own code up to the server for arbitrary code execution through those file inclusion vulnerabilities. Don't miss this opportunity to sample one of our hottest classes, SEC642, the sequel to our original 6-day web penetration class SEC542.