A Multi-Perspective View of PHP Remote File Include Attacks
Page 1 of 1
A Multi-Perspective View of PHP Remote File Include Attacks
SANS Institute InfoSec Reading Room
If you look at the logs of just about any production web server, you are bound to find signs of a remote file include (RFI) attack. It is easy to disregard them as low hanging Internet broadscan noise, but attackers would not be scanning the Internet for vulnerable hosts if they were not also successfully exploiting them.
This paper describes the mechanics of a RFI attack by doing a code analysis and an attack walk through on a vulnerable application. Detecting an attack is discussed by writing sample IDS signatures an...
This paper will take a multi-perspective view of remote file include attacks,specifically those exploiting weaknesses in PHP web applications--as the scripting language has allowed a large number of vulnerabilities to be created. We will cover the mechanics of RFI attacks before detailing the perspective of both analysts and attackers.
Download PDF
If you look at the logs of just about any production web server, you are bound to find signs of a remote file include (RFI) attack. It is easy to disregard them as low hanging Internet broadscan noise, but attackers would not be scanning the Internet for vulnerable hosts if they were not also successfully exploiting them.
This paper describes the mechanics of a RFI attack by doing a code analysis and an attack walk through on a vulnerable application. Detecting an attack is discussed by writing sample IDS signatures an...
This paper will take a multi-perspective view of remote file include attacks,specifically those exploiting weaknesses in PHP web applications--as the scripting language has allowed a large number of vulnerabilities to be created. We will cover the mechanics of RFI attacks before detailing the perspective of both analysts and attackers.
Download PDF
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Windows live Messenger malformed file overflow DoS remote exploitation.
» Got a view like Matrix
» Interception Attacks Against SSL
» Zero-Day PowerPoint Attacks Under Way
» WordPress 2.8.3 Remote admin reset password
» Got a view like Matrix
» Interception Attacks Against SSL
» Zero-Day PowerPoint Attacks Under Way
» WordPress 2.8.3 Remote admin reset password
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum