Arbitrary File Read

Arbitrary File Read is a vulnerability class that lets an attacker read files from the server's filesystem that they are not authorized to access. This can expose sensitive configuration files, source code, credentials, and private data.

How It Works

The vulnerability occurs when an application reads a file based on user-controlled input without proper validation, most often when "../" sequences in a file name parameter walk out of the intended directory (path traversal). Unlike Local File Inclusion (LFI), arbitrary file read does not execute or include the file; it simply returns the file's contents to the attacker.

Common Vulnerable Patterns

# File download functionality
GET /download?file=../../../etc/passwd

# Image/document display
GET /image?path=../../../../app/config/database.yml

# API file retrieval
GET /api/files?name=../../../.env

# PDF/report generation from templates
POST /report?template=../../../../etc/shadow
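A vulnerable download handler beside a hardened one, as an added example that is not part of the original page: vulnerable_resolve shows the naive join behind the request patterns above, and safe_resolve canonicalises the path and refuses anything that resolves outside the download root. The function names, the temporary demo root and its sample file are assumptions constructed for this demonstration.

```python
import os
import tempfile
from pathlib import Path

class PathTraversalError(ValueError):
    """Raised when a requested name resolves outside the download root."""

def vulnerable_resolve(root, requested):
    """The naive pattern: user input joined onto the root with no containment
    check. '../' walks out of the root, and an absolute path discards it
    entirely (os.path.join drops everything before an absolute component)."""
    return os.path.join(root, requested)

def safe_resolve(root, requested):
    """Canonicalise root + requested, then refuse anything outside root.

    resolve() collapses '..' and follows symlinks before the containment test,
    so a symlink planted under root that points elsewhere is rejected too."""
    if "\x00" in requested:
        raise PathTraversalError("NUL byte in requested path")
    base = Path(root).resolve()
    # Drop leading separators so an absolute request cannot replace base.
    candidate = (base / requested.lstrip("/\\")).resolve()
    if base not in candidate.parents:
        raise PathTraversalError("%r escapes %s" % (requested, base))
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate

def make_demo_root():
    """Constructed fixture (hypothetical): a temporary download root holding
    one legitimately downloadable file."""
    root = tempfile.mkdtemp(prefix="dl-root-")
    (Path(root) / "report.txt").write_text("quarterly figures\n")
    return root

def check_requests(root, requests):
    """Classify each requested name as 'served', 'blocked' or 'missing'."""
    outcome = {}
    for req in requests:
        try:
            safe_resolve(root, req)
            outcome[req] = "served"
        except PathTraversalError:
            outcome[req] = "blocked"
        except FileNotFoundError:
            outcome[req] = "missing"
    return outcome
```

Run check_requests over the request patterns listed above to see each traversal attempt reported as blocked while a normalised in-root name such as "subdir/../report.txt" is still served.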

High-Value Targets

  • Credentials: .env, database.yml, config.php, wp-config.php
  • Source code: Application files revealing logic and vulnerabilities
  • System files: /etc/passwd, /etc/shadow, SSH keys
  • Cloud metadata: AWS credentials at 169.254.169.254
  • Secrets: API keys, JWT secrets, encryption keys

Escalation Potential

  • Read database credentials → database access
  • Read SSH keys → server access
  • Read source code → find more vulnerabilities
  • Read JWT secrets → forge authentication tokens

See Also