
Local File Inclusion (LFI)


Local File Inclusion (LFI) is a security vulnerability that allows a hacker to include a file, usually by exploiting a “dynamic file inclusion” mechanism implemented in the target application. The vulnerability is created when the developer fails to validate user-supplied input. LFI attacks can lead to information disclosure, XSS (cross-site scripting), and RCE (remote code execution). LFI is closely related to Remote File Inclusion (RFI); the difference is that an attacker using LFI includes only local files, not remote files as in RFI.
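
The missing validation described above, shown as an added example that is not from the original page: a dynamic file inclusion helper in its unvalidated form beside two hardened forms. Python is used for illustration since the page names no language; the directory layout, file contents, and all function names are constructed for the example.

```python
import os
import tempfile

# Constructed sample layout: a template directory plus one file outside it.
ROOT = tempfile.mkdtemp()
TEMPLATES = os.path.join(ROOT, "templates")
os.mkdir(TEMPLATES)
with open(os.path.join(TEMPLATES, "home.html"), "w") as f:
    f.write("<h1>home</h1>")
with open(os.path.join(ROOT, "app.conf"), "w") as f:
    f.write("db_password=constructed-sample")

ALLOWED_PAGES = {"home": "home.html"}  # hypothetical allowlist of page keys


def include_unvalidated(page):
    """Weak form: user input is joined straight into the file path."""
    with open(os.path.join(TEMPLATES, page)) as f:
        return f.read()


def include_allowlisted(page):
    """Hardened form 1: input only selects a key from a fixed map."""
    filename = ALLOWED_PAGES.get(page)
    if filename is None:
        raise ValueError("unknown page")
    with open(os.path.join(TEMPLATES, filename)) as f:
        return f.read()


def include_contained(page):
    """Hardened form 2: resolve the path, then require it to stay in TEMPLATES."""
    base = os.path.realpath(TEMPLATES)
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base or not os.path.isfile(target):
        raise ValueError("not a file inside the template directory")
    with open(target) as f:
        return f.read()
```

The allowlist is the stronger control because user input never becomes part of a path; the containment check is the fallback when the set of includable files cannot be enumerated in advance.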
