
Imperva analyses trending hacking techniques and interesting attacks

May 2011 by Imperva

Imperva’s Hacker Intelligence Initiative has turned the tables on the hacking community by delving into their cyber-underground lair to provide analysis of the trending hacking techniques and interesting attack campaigns from the past month. The first of what will be a monthly inside scoop looks at an attack which usually flies under the radar – Remote File Inclusion (RFI).

Amichai Shulman, Imperva’s co-founder and CTO, believes, “Although these attacks have the potential to cause as much damage as the more popular SQL Injection and Cross-Site Scripting (XSS) attacks, they are not widely discussed and they need to be!”

Speaking about the attack format itself, Amichai explains, “Remote File Inclusion (RFI) is an attack that targets the computer servers that run web sites and their applications. RFI usually exploits the PHP programming language - used by many large firms including Facebook and SugarCRM. RFI works by exploiting applications that reference files hosted on different servers and, as PHP doesn’t properly sanitize the input to these requests, an RFI attack replaces these references with links to websites that are under the attacker’s control and can be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.”

Amichai provides the following advice, “The most common protection mechanism against RFI attacks is based on signatures for known vulnerabilities in the Web application. From our observations, it is apparent that we can improve the detection and blocking of such attacks by creating a blacklist of attack sources and a blacklist of URLs of remotely included malicious scripts. Having advanced knowledge of RFI attack sources allows the WAF to block an attack before it even begins. Creating a blacklist of the referenced URL enables the WAF to block exploits targeting zero-day vulnerabilities of applications. Finally, the blacklist of IPs constructed from the RFI attack observations could be used to block other types of attacks issued from the same malicious sources.”

HII has documented examples of automated attack campaigns launched in the wild.
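The two blacklists described in the advice above can be sketched as follows. This is an added example, not Imperva's code: the simplified log format, the function names and all sample IPs and hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines (documentation IP ranges, example.* hosts).
OBSERVED = [
    '203.0.113.7 "GET /index.php?page=http://files.example.net/inc.txt? HTTP/1.1"',
    '203.0.113.7 "GET /view.php?inc=http%3A%2F%2Ffiles.example.net%2Finc.txt HTTP/1.1"',
    '198.51.100.22 "GET /index.php?page=about HTTP/1.1"',
    '192.0.2.45 "GET /go.php?tpl=ftp://drop.example.org/c.txt HTTP/1.1"',
]

LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+"$')  # assumed log format
REMOTE = re.compile(r'^(?:https?|ftp)://', re.I)

def remote_refs(target):
    """Return normalized remote URLs carried in the query parameters of target."""
    refs = []
    for _name, value in parse_qsl(urlsplit(target).query):  # also percent-decodes
        if REMOTE.match(value):
            u = urlsplit(value)
            # Drop the trailing '?' often appended to the URL; lower-case the host.
            refs.append(f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}")
    return refs

def build_blacklists(lines):
    """Collect source IPs and included-script URLs from observed RFI attempts."""
    ips, urls = set(), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        refs = remote_refs(m.group(2))
        if refs:
            ips.add(m.group(1))
            urls.update(refs)
    return ips, urls

def decide(ip, target, ips, urls):
    """Block known sources first, then any request referencing a listed URL."""
    if ip in ips:
        return "block:source"
    if any(ref in urls for ref in remote_refs(target)):
        return "block:url"
    return "allow"

if __name__ == "__main__":
    ips, urls = build_blacklists(OBSERVED)
    # New source, parameter with no signature: caught by the URL blacklist.
    print(decide("198.51.100.99", "/plugin.php?cfg=HTTP://FILES.example.net/inc.txt", ips, urls))
```

An application that legitimately accepts URLs in parameters would feed false entries into both lists, so observations need review before they are used for blocking.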

