1. Local file contains
Capture, modify the parameters
Execute malicious files
Successful implementation
2. Remote File Inclusion
Remote File Inclusion Vulnerability. Is the ability to include files on a remote server and perform. Since the file server is remote controlled us, so once there is a big loophole would be harmful.
But the use of more stringent conditions of RFI, the need to configure the php.ini
- allow_url_fopen = On
- allow_url_include = On
3. unsafe file downloads
Modify capture parameters, arbitrary download
4. File Upload (client check)
The client checks if, first put a file format of packet capture modified when submitting upload on the line
Upload 1.txt Success
5. File Upload (server check)