← Cybersecurity Alphabet Soup

LFI

Local File Inclusion

attacksmedium

Local File Inclusion occurs when a web application can be tricked into loading files from the server's own filesystem that were never meant to be exposed. Attackers use it to read configuration files, credentials, or source code, and in some cases escalate it to code execution. It stems from building file paths out of untrusted user input.

Sources

More in attacks