# 7 - ​File & Resource Attacks

### Topics

> 1. [File Upload Vulnerability](/ewptv2-notes/readme/system-security-3/7.1-file-upload-vulnerability.md)
> 2. [Directory Traversal](/ewptv2-notes/readme/system-security-3/7.2-directory-traversal.md)
> 3. [File Inclusion (LFI and RFI)](/ewptv2-notes/readme/system-security-3/7.3-file-inclusion-lfi-and-rfi.md)

File attacks often involve manipulating or exploiting files to gain unauthorized access or execute malicious code. Common methods include file injection, path traversal, and buffer overflow attacks. For instance, in a path traversal attack, an attacker manipulates file paths to access directories and files outside the intended scope, potentially exposing sensitive information.

Resource attacks, on the other hand, target the availability and proper functioning of system resources such as memory, CPU, and network bandwidth. Denial-of-Service (DoS) attacks are a prevalent form of resource attack, where attackers overwhelm system resources to render services unavailable to legitimate users. These attacks can disrupt operations, cause financial losses, and damage the reputation of organizations.

{% hint style="danger" %}

#### ❗ Disclaimer

**Never use tools and techniques on real IP addresses, hosts or networks without proper     authorization!**❗
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://dev-angelist.gitbook.io/ewptv2-notes/readme/system-security-3.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.