May 28, 2026
File Inclusion Vulnerability Assessment
Introduction
By Kevin
1 min read
Introduction
File Inclusion vulnerabilities occur when applications improperly include files based on user-controlled input. Attackers can exploit this flaw to access sensitive files or execute malicious code.
Objective
The purpose of this assessment was to identify whether DVWA allowed unauthorized file access through directory traversal techniques.
Target Information
- Target Application: DVWA
- Vulnerability Module: File Inclusion
- Security Level: Low
Tools Used
- Browser
- Parrot OS
Payload Used
../../../../etc/passwd../../../../etc/passwdMethodology
- Opened the File Inclusion module.
- Modified the page parameter using directory traversal sequences.
- Attempted to access sensitive system files.
- Reviewed the server response.
Observation
The contents of the /etc/passwd file were displayed in the browser.
Screenshot
Evidence
- System account details became visible.
- Directory traversal succeeded successfully.
Explanation
The application allowed unsanitized file paths to be processed directly by the server.
Impact
- Sensitive information disclosure
- Server reconnaissance
- Potential remote code execution
- System compromise
Recommendations
- Validate file paths
- Restrict directory access
- Use allow-lists for permitted files
- Disable direct inclusion of user-controlled input
Conclusion
The assessment confirmed that DVWA was vulnerable to File Inclusion attacks due to insufficient validation of file path input.