
{"id":10973,"date":"2025-02-17T15:56:05","date_gmt":"2025-02-17T23:56:05","guid":{"rendered":"http:\/\/www.sumologic.com\/?post_type=glossary&#038;p=10973"},"modified":"2026-02-11T13:52:26","modified_gmt":"2026-02-11T21:52:26","slug":"file-inclusion","status":"publish","type":"glossary","link":"https:\/\/www.sumologic.com\/glossary\/file-inclusion","title":{"rendered":"File inclusion"},"content":{"rendered":"\n<section class=\"e-stn e-stn-0d652506f82b000a392973813b918ee25d5b4211 e-stn--glossary-inner-content e-stn--table-of-content\"><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-1f7b3997080fc292474d26ff00c905d99d3520fa e-col--content-wrapper  col-sm-12 col-lg-12 col-xl-12\">\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-9266f1e0fe39e4bca4150c62543d3cd9\" id=\"directory\">What is file inclusion?<\/h2>\n\n\n\n<p>One of the most common types of attacks against web servers stems from file inclusion vulnerabilities. File inclusion vulnerabilities are primarily found in web applications that use a scripting runtime. These vulnerabilities give attackers access to sensitive files on the web server, or let them abuse include functionality to execute malicious files on the server. 
With access to unauthorized files, attackers can obtain sensitive information or further compromise the victim\u2019s networks.<\/p>\n\n\n\n<div class=\"e-div e-div-6857ef72445df0ca4ab9eabd490a5b42d5da4400 e-div--list-wrapper\">\n<p class=\"has-eigengrau-color has-text-color has-link-color wp-elements-c1f9bf7a870009e3f2921c5f3b41bc1a\">Key takeaways<\/p>\n\n\n\n<ul class=\"wp-block-list has-delft-blue-color has-text-color has-link-color wp-elements-597822f411b1d58735c14dfecb8c1b45\">\n<li>Most file inclusion vulnerabilities, like many file-related vulnerabilities, result from weak validation: user input is passed to file operations without proper validation.<\/li>\n\n\n\n<li>There are two file inclusion vulnerability types that you should be aware of when preparing your defenses: local file inclusion (LFI) and remote file inclusion (RFI).<\/li>\n\n\n\n<li>While file inclusion vulnerabilities are common and should be taken seriously, you can prevent attacks and minimize damage by taking a proactive security and sanitization approach.<\/li>\n\n\n\n<li>Sumo Logic\u2019s cloud-native, continuous intelligence platform will help you prevent and mitigate file inclusion threats by reducing downtime with real-time alerting, dashboards, and machine-learning-powered analytics.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-04ae0fdead7a2f7140ac768bac70085a\" id=\"features\">File inclusion attack types<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-fb59397982ecf625b67e7cf09dbc27e2\">There are two file inclusion vulnerability types that you should be aware of when preparing your defenses: local file inclusion (LFI) and remote file inclusion (RFI).<\/p>\n\n\n\n<p>The main difference between the two is where the included file is originally located. 
LFI vulnerabilities are exploited through a file stored on the target server, while RFI vulnerabilities use a file from a third-party source.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>LFI\n<ul class=\"wp-block-list\">\n<li>When website or web application inputs aren\u2019t properly sanitized, local files on the server become exposed to attack. When user input that contains a file path is not correctly validated, attackers can gain access to those files and retrieve sensitive files in other directories.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>The following&nbsp;<a href=\"https:\/\/resources.infosecinstitute.com\/topic\/file-inclusion-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">INFOSEC<\/a>&nbsp;example illustrates how a local file inclusion attack can occur:<\/p>\n\n\n\n<p><code>http:\/\/victim_site\/abc.php?file=userinput.txt<\/code><\/p>\n\n\n\n<p><code>&lt;?php<\/code><\/p>\n\n\n\n<p><code>\u2026<\/code><\/p>\n\n\n\n<p><code>\/\/ the request parameter is used directly as the include path, with no validation<\/code><\/p>\n\n\n\n<p><code>include $_REQUEST['file'];<\/code><\/p>\n\n\n\n<p><code>\u2026<\/code><\/p>\n\n\n\n<p><code>?&gt;<\/code><\/p>\n\n\n\n<p>Attackers can supply a malicious value for this parameter to retrieve sensitive files in the current directory or traverse into other directories to further compromise your system.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RFI\n<ul class=\"wp-block-list\">\n<li>Though similar, RFI vulnerabilities use an external source, rather than files on the local server, to execute an attack. Attackers abuse the application\u2019s \u201cdynamic file include\u201d functionality to load harmful external files or scripts. 
Without proper sanitization of input, attackers can take advantage of web applications to include external files containing harmful scripts.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Here\u2019s an example of how an RFI vulnerability might occur:&nbsp;<code>www.victim_site.com\/abc.php?testfile=example<\/code><\/p>\n\n\n\n<p>The vulnerable PHP code:<\/p>\n\n\n\n<p><code>$test = $_REQUEST['testfile'];<\/code><\/p>\n\n\n\n<p><code>include($test . '.php');<\/code><\/p>\n\n\n\n<p>The \u201ctestfile\u201d parameter in this example is supplied by the user; the code appends \u201c.php\u201d to the user-supplied value and includes the resulting file without validating it.<\/p>\n\n\n\n<p>In both cases, the vulnerabilities are a direct result of poor input validation, which means one of the only ways to prevent file inclusion vulnerabilities is to maintain your input sanitization practices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-a2ee92378ceedf52b5874cd66ca1ffc4\" id=\"structure\">File inclusion vulnerability mitigation<\/h2>\n\n\n\n<p>Below are a few mitigation and remediation best practices that will help ensure your inputs are handled safely.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>User input sanitization has to be implemented to mitigate file inclusion attacks. 
It\u2019s also important, however, to remember that it\u2019s practically impossible to sanitize all user inputs and that sanitization is just one aspect of a holistic security effort.<\/li>\n\n\n\n<li>Two ways to ensure proper sanitization are 1) to accept only file names made up of the digits 0-9 and the letters A-Z, and 2) to allow files from a single directory only, so that directory traversal is prevented.<\/li>\n\n\n\n<li>Create a&nbsp;<a href=\"http:\/\/www.sumologic.com\/glossary\/application-whitelisting\" data-type=\"glossary\" data-id=\"10831\">whitelist<\/a>&nbsp;when enabling remote file inclusion and ensure that you\u2019re only including files from that whitelist.<\/li>\n\n\n\n<li>Implement scanning software to help you identify file inclusion vulnerabilities quickly so you can limit the harm to your server.<\/li>\n\n\n\n<li>Adopt a security solution that provides automated notifications and alerts.<\/li>\n<\/ul>\n\n\n\n<p>While file inclusion vulnerabilities are common and should be taken seriously, you can prevent attacks and minimize damage by taking a proactive security and sanitization approach.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-sumo-logic-can-help\">How Sumo Logic can help<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-12b9168e03e261219e8fd7c5c9ef5df7\">Sumo Logic\u2019s cloud-native,&nbsp;<a href=\"https:\/\/www.sumologic.com\/continuous-intelligence-platform\/\">continuous intelligence platform<\/a>&nbsp;will help you prevent and mitigate file inclusion threats by reducing downtime with real-time alerting, dashboards, and machine-learning-powered analytics.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-d7246dbc5682e092119da4e24d359e1d\">Ensure your systems, networks, and servers have the 24\/7 protection and monitoring they need with&nbsp;<a href=\"https:\/\/www.sumologic.com\/\">Sumo 
Logic<\/a>&nbsp;today.<\/p>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"<p>Businesses rely on their web applications. They\u2019re the essential building blocks that provide organizations with the tools they need to execute their tasks, automate tedious processes, manage and store data, and so much more.<\/p>\n","protected":false},"author":4,"featured_media":0,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"3","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"translation_priority":[]},"selected_primary_terms":[],"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"class_list":["post-10973","glossary","type-glossary","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/glossary\/10973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/4"}],"version-history":[
{"count":4,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/glossary\/10973\/revisions"}],"predecessor-version":[{"id":69584,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/glossary\/10973\/revisions\/69584"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=10973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}