LFI can lead to code execution
- Yes
- No
- Yes but on certain conditions
What are the conditions of when an LFI can lead to RCE, if any
- You need to be able to get files on the server somehow
- The files can not be filtered or you have to have a bypass for the filters
- The files need to be saved in the /root/ directory
- Files should be stored on a remote server
- None of the above
What are the conditions of when an RFI can lead to RCE, if any
- You need to be able to get files on the server somehow
- The files can not be filtered or you have to have a bypass for the filters
- The files need to be saved in the /root/ directory
- Files should be stored on a remote server
- None of the above
What are some general tips for securing against LFI/RFI?