Local File Inclusion occurs when a web application accepts user-supplied input and passes it directly to a file-system API (such as PHP's include, Python's open(), or Node.js's fs.readFile) without proper sanitization. Strictly speaking, only include-style APIs execute the file; with open() or fs.readFile the outcome is an arbitrary file read (path traversal), but the root cause and the fix are the same, and for stealing credentials a plain read is all the attacker needs.
```python
import boto3

# Fetch the database password from SSM Parameter Store at request time instead
# of keeping it in a file on the server. The client authenticates with whatever
# the SDK's credential provider chain finds, ideally an attached IAM role, so no
# long-lived key needs to exist on disk.
ssm = boto3.client('ssm')
response = ssm.get_parameter(Name='/prod/db_password', WithDecryption=True)
# get_parameter returns a response dict; the decrypted value sits under Parameter.Value
secret = response['Parameter']['Value']
```
Observed payload: -template-..-2F..-2F..-2F..-2Froot-2F.aws-2Fcredentials

Here -template- is the web application's template directory and each -2F in this logged form corresponds to a URL-encoded forward slash (%2F), so the parameter decodes to ../../../../root/.aws/credentials. After the traversal is resolved, this translates to /root/.aws/credentials, the default file in which the AWS Command Line Interface (CLI) and the AWS SDKs store long-lived access keys for the Unix root user (the operating-system account, not the AWS account root user). Note that the number of ../ segments only has to be large enough to reach the file-system root; any extra ones are silently absorbed, which is why attackers tend to over-supply them.

2. The Danger of Exposed Credentials
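To make the definition and the payload decoding above concrete, here is an added example (written for this page, not code from the original article) that shows the vulnerable join-and-open pattern next to a hardened version, and normalises the payload the way a permissive framework would. The web root /var/www/app/templates stands in for the page's -template- placeholder and is an assumption; the files it reads are created in a throw-away temporary directory, with a constructed stand-in for /root/.aws/credentials so nothing real is touched.

```python
import os
import tempfile
from urllib.parse import quote, unquote

# Constructed, throw-away layout so the example runs offline:
#   <webroot>/templates/home.html    the only file the app should ever serve
#   <fake-home>/.aws/credentials     stand-in for /root/.aws/credentials
WEB_ROOT = tempfile.mkdtemp(prefix="webroot-")
TEMPLATE_DIR = os.path.join(WEB_ROOT, "templates")
os.makedirs(TEMPLATE_DIR)
with open(os.path.join(TEMPLATE_DIR, "home.html"), "w") as fh:
    fh.write("<h1>home</h1>")

FAKE_HOME = tempfile.mkdtemp(prefix="fake-home-")
os.makedirs(os.path.join(FAKE_HOME, ".aws"))
with open(os.path.join(FAKE_HOME, ".aws", "credentials"), "w") as fh:
    fh.write("[default]\naws_access_key_id = AKIAEXAMPLEKEY\n")  # placeholder, not a real key

# The page's payload with the percent signs restored; decodes to ../../../../root/.aws/credentials
PAGE_PAYLOAD = "..%2F..%2F..%2F..%2Froot%2F.aws%2Fcredentials"
# Same shape, but aimed at the constructed fake home directory instead of /root
LOCAL_PAYLOAD = quote(
    os.path.relpath(os.path.join(FAKE_HOME, ".aws", "credentials"), TEMPLATE_DIR), safe=""
)


def decode_path(raw: str) -> str:
    """URL-decode until the value stops changing, so double-encoded traversal
    (..%252F..) is normalised the same way a permissive framework would."""
    prev, cur = None, raw
    while prev != cur:
        prev, cur = cur, unquote(cur)
    return cur


def naive_resolve(base_dir: str, template: str) -> str:
    """Where a path-joining application ends up, computed without touching disk.
    From the assumed base /var/www/app/templates the page's payload resolves to
    /root/.aws/credentials, exactly as the article states."""
    return os.path.normpath(os.path.join(base_dir, decode_path(template)))


def vulnerable_read(template: str) -> str:
    """The bug the article describes: user input joined straight onto the file
    call. '..' is followed, and an absolute decoded value even makes
    os.path.join throw TEMPLATE_DIR away entirely."""
    with open(os.path.join(TEMPLATE_DIR, decode_path(template))) as fh:
        return fh.read()


def safe_read(template: str) -> str:
    """Hardened form: canonicalise (symlinks included) and serve the file only
    if the result is still strictly inside TEMPLATE_DIR. Filtering the '..'
    substring alone is not enough; encoded or symlinked variants get past it."""
    root = os.path.realpath(TEMPLATE_DIR)
    candidate = os.path.realpath(os.path.join(root, decode_path(template)))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"refusing path outside template dir: {template!r}")
    with open(candidate) as fh:
        return fh.read()


def is_rejected(template: str) -> bool:
    """True when safe_read refuses the template name."""
    try:
        safe_read(template)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("page payload decodes to:", decode_path(PAGE_PAYLOAD))
    print("naive join resolves to:", naive_resolve("/var/www/app/templates", PAGE_PAYLOAD))
    print("vulnerable read leaks:", vulnerable_read(LOCAL_PAYLOAD).splitlines()[0])
    print("hardened read rejects payload:", is_rejected(LOCAL_PAYLOAD))
    print("hardened read serves legit file:", safe_read("home.html"))
```

The decisive check is the comparison after os.path.realpath, not the decoding: decoding is only there so the check sees the same path the operating system will open. An allow-list of template names, or a lookup table instead of a file name taken from the request, removes the problem entirely where the application can afford it.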
Security best practices in IAM - AWS Identity and Access Management
The most effective way to protect credentials is to not have them on the server at all: give the workload an IAM role (an EC2 instance profile, ECS task role, or Lambda execution role) so the SDK obtains short-lived credentials from the metadata service and nothing sits in ~/.aws/credentials for a file-read bug to expose. This applies whatever language or framework your web application uses.
Many regulatory standards require strict controls over access to sensitive data; exposing credentials can put you out of compliance with them.
API calls made with unexpected user agents, such as generic HTTP toolkits, one-off scripts, or non-standard command-line clients. In CloudTrail this shows up in the userAgent field of each event, and a stolen key is usually also used from a source IP address the server itself never calls AWS from.

Mitigation and Prevention Best Practices
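The indicator described above (unexpected user agents, and a key suddenly used from addresses the server never uses) is straightforward to turn into a detection over CloudTrail. The following is an added example written for this page, not code from the original article: it runs the two checks over a handful of constructed CloudTrail-style records. The expected user-agent prefixes and the known egress addresses are assumptions for the example and would be tuned to your own estate; the key IDs are placeholders and the external addresses come from RFC 5737 documentation ranges.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-style records, trimmed to the fields this check reads.
# Key IDs are placeholders; external IPs use RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    {"eventID": "e1", "eventTime": "2024-05-01T09:00:12Z", "eventName": "GetParameter",
     "sourceIPAddress": "10.0.1.23",
     "userAgent": "Boto3/1.34.0 md/Botocore#1.34.0 ua/2.0 os/linux#6.5 lang/python#3.11.4",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE0000001"}},
    {"eventID": "e2", "eventTime": "2024-05-01T09:05:44Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "10.0.1.23",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.5 exe/x86_64.amzn.2023",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE0000001"}},
    {"eventID": "e3", "eventTime": "2024-05-01T10:12:01Z", "eventName": "GetParameter",
     "sourceIPAddress": "10.0.2.7",
     "userAgent": "Boto3/1.34.0 md/Botocore#1.34.0 ua/2.0 os/linux#6.5 lang/python#3.11.4",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE0000002"}},
    {"eventID": "e4", "eventTime": "2024-05-01T23:41:05Z", "eventName": "GetCallerIdentity",
     "sourceIPAddress": "203.0.113.45", "userAgent": "python-requests/2.31.0",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE0000001"}},
    {"eventID": "e5", "eventTime": "2024-05-01T23:42:30Z", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.9", "userAgent": "curl/8.4.0",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE0000001"}},
]

# User-agent prefixes the fleet is expected to produce (assumed; tune per estate).
EXPECTED_AGENT_PREFIXES = ("Boto3/", "aws-cli/", "aws-sdk-go/", "console.amazonaws.com")
# Addresses the servers legitimately call AWS from (assumed for the example).
KNOWN_SOURCE_IPS = frozenset({"10.0.1.23", "10.0.2.7"})


def find_suspicious(events, expected_prefixes=EXPECTED_AGENT_PREFIXES, known_ips=KNOWN_SOURCE_IPS):
    """Return one finding per event whose user agent is outside the expected set,
    or whose access key is also in use from another source address while the
    event's own address is not a known server egress IP."""
    ips_by_key = defaultdict(set)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if key:
            ips_by_key[key].add(ev.get("sourceIPAddress"))

    findings = []
    for ev in events:
        reasons = []
        agent = ev.get("userAgent", "")
        if not agent.startswith(expected_prefixes):
            reasons.append(f"unexpected user agent: {agent}")
        key = ev.get("userIdentity", {}).get("accessKeyId")
        ip = ev.get("sourceIPAddress")
        if key and ip not in known_ips and len(ips_by_key[key]) > 1:
            others = sorted(ips_by_key[key] - {ip})
            reasons.append(f"key also used from {', '.join(others)}")
        if reasons:
            findings.append({"eventID": ev["eventID"], "eventTime": ev["eventTime"],
                             "eventName": ev["eventName"], "accessKeyId": key,
                             "sourceIPAddress": ip, "userAgent": agent, "reasons": reasons})
    return findings


def flagged_event_ids(events, **kwargs):
    """Convenience wrapper: just the eventIDs that find_suspicious flags."""
    return [f["eventID"] for f in find_suspicious(events, **kwargs)]


if __name__ == "__main__":
    print(json.dumps(find_suspicious(SAMPLE_EVENTS), indent=2))
```

Run against the sample, the two late-night events from outside the VPC are flagged on both counts, while the daytime calls from the servers pass. A first sighting of GetCallerIdentity from a new address is itself a classic sign that someone is checking what a freshly stolen key can do, so it is worth alerting on that event name as well.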
In other words, the attacker is attempting to break out of the web application's root directory (-template-) and traverse up the file system to the root user's home directory (/root/) in order to steal high-privilege AWS credentials.