skip to Main Content
This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.

GLOSSARY

Local File Inclusion (LFI)

Local File Inclusion (LFI) is a security vulnerability that allows a hacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application.

Local File Inclusion (LFI) is a security vulnerability that allows a hacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application. The Local File Inclusion vulnerability is created when the developer fails to ensure data validation of user-supplied inputs. Local File Inclusion attacks can lead to information disclosure, XSS (cross-site scripting), and RCE (remote code execution). Local File Inclusion is closely related to Remote File Inclusion (RFI). However, an attacker using LFI only includes local files (not remote files, as in the case of RFI).

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.

Back To Top