Remote File Inclusion (RFI) is an attack that targets the
computer servers that run Web sites and
their applications. RFI exploits are most often attributed to the PHP
programming language used by many large firms including Facebook and SugarCRM.
However, RFI can manifest itself in other environments and was in fact
introduced initially as SHTML injection. RFI works by exploiting
applications that dynamically reference.
external
scripts indicated by user input without proper sanitation. As a consequence,
the application can be instructed to include a script hosted on a remote server
and thus execute code controlled by an attacker. The executed scripts can be
used for temporary data theft or manipulation, or for a long term takeover of
the vulnerable server.
Remote File Inclusion (RFI) is caused by insufficient validation
of user input provided as parameters to a Web application. Parameters that are
vulnerable to RFI enable an attacker to include code from a remotely hosted
file in a script executed on the application’s server. Since the attacker’s
code is thus executed on the Web server it might be used for temporary data
theft or manipulation, or for a long term takeover of the vulnerable server.
The RFI attack vector includes a URL reference to the remotely
hosted code. Most attacks include two steps. In the first step, the attack
vector references a simple validation script, usually capable of printing some
distinguished output to the HTML page. If the validation script is successfully
executed by the server under attack, then the attacker proceeds with a second
vector that references the actual payload script. The servers hosting the
script are either compromised servers or file sharing services.
Please like suscribe and follow.
No comments:
Post a Comment