Local File Inclusion (LFI) is a vulnerability in which an attacker controls part of a file path that the application builds from user input, causing the server to read or include a local file the developer never intended to expose.
Depending on what the application does with that file, the impact ranges from sensitive data exposure (configuration, credentials, source code) to code execution when the included file is interpreted by the server, up to full system compromise.

## What is LFI?

The attacker supplies a path in an input parameter that the application hands to a file-loading routine. For example:

```
GET /index.php?page=../../etc/passwd
```

If the application does not validate the page parameter, the `../` segments walk up out of the intended directory and the response may contain the contents of /etc/passwd.
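As an added illustration written for this page (it is not code from the page or from BlackLab), the following Ruby shows the vulnerable pattern above beside a hardened loader. It builds a constructed templates directory and a fake passwd-style file in temp directories so it runs offline; `PAGES_DIR`, `SECRET_FILE`, `vulnerable_load`, `safe_load` and `traversal_payload` are this example's own names.

```ruby
require "pathname"
require "tmpdir"

# Constructed sample data: a templates directory and a fake /etc/passwd-style
# file that lives outside it, both in temp dirs so the example runs offline.
PAGES_DIR = Dir.mktmpdir("pages")
File.write(File.join(PAGES_DIR, "home.html"), "<h1>Home</h1>")
SECRET_FILE = File.join(Dir.mktmpdir("etc"), "passwd")
File.write(SECRET_FILE, "root:x:0:0:root:/root:/bin/bash\n")

# A traversal payload equivalent to ../../etc/passwd in the page's example,
# computed relative to PAGES_DIR so it reaches SECRET_FILE on any machine.
def traversal_payload
  Pathname.new(SECRET_FILE).relative_path_from(Pathname.new(PAGES_DIR)).to_s
end

# Vulnerable: the page parameter is joined straight onto the base directory.
# File.join does not normalise "..", so the request escapes PAGES_DIR.
def vulnerable_load(page)
  File.read(File.join(PAGES_DIR, page))
end

# Hardened: resolve the candidate with realpath (which also follows symlinks)
# and refuse anything that does not land inside PAGES_DIR. An absolute path
# in `page` is handled too: Pathname#join discards the base for it, and the
# containment check then fails.
def safe_load(page)
  base = Pathname.new(PAGES_DIR).realpath
  candidate = base.join(page.to_s)
  return nil unless candidate.file?
  resolved = candidate.realpath
  return nil unless resolved.to_s.start_with?(base.to_s + File::SEPARATOR)
  resolved.read
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_load(traversal_payload)   # leaks the fake passwd file
  p safe_load(traversal_payload)            # nil: traversal rejected
  p safe_load(SECRET_FILE)                  # nil: absolute path rejected
  p safe_load("home.html")                  # "<h1>Home</h1>"
end
```

The containment check is the real control: it works on the resolved path, so it also rejects bypasses that defeat naive `../` stripping (such as `....//`) and symlinks planted inside the templates directory. Pattern matching on the raw parameter, as a WAF or plugin does, is a useful early signal but not a substitute for it.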

## Common targets

- System files (e.g., /etc/passwd, /etc/hosts)
- Application configuration files
- Log files that may contain credentials or session tokens

## How BlackLab helps
BlackLab's LFI plugin detects and blocks these attempts by scanning request input for suspicious path patterns such as:

- `../` (directory traversal)
- Absolute paths such as `/etc/passwd`
- Encoded traversal (`..%2F`)
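The pattern scan described above, as an added example written for this page; it is not the BlackLab plugin's own code and makes no claim about how the plugin is implemented. It percent-decodes the parameter repeatedly so double-encoded traversal such as `..%252F` is also caught, treats backslashes as separators, and reports which of the page's three patterns matched, plus a null byte (which older runtimes treated as a path terminator). The function names `normalize_path_param`, `lfi_findings` and `scan_params` and the values in `SAMPLE_PARAMS` are constructed for this example.

```ruby
# Percent-decode up to max_rounds times (so ..%252F -> ..%2F -> ../ is caught),
# then treat backslashes as separators. Works on raw bytes so that escapes
# such as %ff cannot raise encoding errors mid-scan.
def normalize_path_param(value, max_rounds: 3)
  s = value.to_s.b
  max_rounds.times do
    decoded = s.gsub(/%([0-9a-fA-F]{2})/) { [$1.hex].pack("C") }
    break if decoded == s
    s = decoded
  end
  s.tr("\\", "/")
end

# Matches a ".." path segment: at the start or after a separator, followed by
# a separator or the end of the string. "file..name" does not match.
DOTDOT_SEGMENT = %r{(?:\A|/)\.\.(?:/|\z)}

# Returns the patterns that fired for one parameter value, in a fixed order.
def lfi_findings(value)
  raw = value.to_s.b.tr("\\", "/")
  norm = normalize_path_param(value)
  findings = []
  findings << :traversal if norm.match?(DOTDOT_SEGMENT)
  findings << :absolute_path if norm.start_with?("/") || norm.match?(%r{\A[A-Za-z]:/})
  # Traversal that only appears after decoding was hidden by URL encoding.
  findings << :encoded_traversal if findings.include?(:traversal) && !raw.match?(DOTDOT_SEGMENT)
  findings << :null_byte if norm.include?("\0")
  findings
end

# Scan every parameter of a request; returns only the ones with findings.
def scan_params(params)
  params.each_with_object({}) do |(name, value), report|
    found = lfi_findings(value)
    report[name] = found unless found.empty?
  end
end

# Constructed sample values of the kind an LFI scanner sees in query strings.
SAMPLE_PARAMS = {
  "page" => "about",
  "file" => "../../etc/passwd",
  "path" => "/etc/passwd",
  "tpl"  => "..%2F..%2Fetc%2Fpasswd",
  "inc"  => "..%252F..%252Fetc%252Fpasswd",
  "log"  => "../../var/log/app.log%00.html",
  "win"  => "..\\..\\windows\\win.ini",
}

if __FILE__ == $PROGRAM_NAME
  scan_params(SAMPLE_PARAMS).each { |name, found| puts "#{name}: #{found.join(', ')}" }
end
```

Decoding before matching is the part most home-grown filters get wrong: a check that runs on the raw string sees `..%2F` as harmless, while the application's framework decodes it into `../` one step later. Capping the decode rounds keeps a hostile input from turning the scan into a CPU sink.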

Example configuration:

```ruby
BlackLab.configure do |config|
  config.plugins = [
    # Enable the LFI detector (weight: 2 is the page's example value)
    BlackLab::Plugins::LfiPlugin.new(weight: 2)
  ]
  # Threshold at which BlackLab invokes its callback (3 is the page's example value)
  config.callback_threshold = 3
end
```