Study on Remote File Attacking – Inclusion & Detection

Bhawna Sinha, Dr. D. K. Singh, Dr. Pankaj Kumar

Abstract


Presently applications of web are increasing exponentially. We are almost totally dependent on Internet and associated technologies. Huge applications in all walk of lives are inviting attacks on them. Their usage are under constant by hackers that exploit their vulnerabilities to disrupt business and access confidential information. SQL Injection and Remote File Inclusion are the two most frequently used exploits and hackers prefer easier rather than complicated attack techniques. RFI is an overlooked menace. RFI attacks are more widespread than most assume. RFI attacks are today's most common security threat, accounting for more than 25% of all malicious sessions, far surpassing XSS (12%) and even exceeding SQLIs (23%). RFI uses the weakness of PHP language which in today’s world is the most widely used.


Keywords


Security, Exploit, Vulnerability, RFI, Attack, File Inclusion

References


Michal Hubczyk, Adam Domanski, and Joanna Domanska, “Local and Remote file inclusionâ€, Springer 2012.

Documentation - “A Multi-Perspective View of PHP Remote File Include Attacksâ€, SANS Institute 2010.

José Fonseca, Marco Vieira, Henrique Madeira, “The Web Attacker Perspective – A Field Studyâ€, IEEE 2010.

Chris Snyder, Thomas Myer, and Michael Southwell, “Preventing Remote Executionâ€, Springer 2010.

El-Bahlul Fgee, Ezzadean H. Elturki, A. Elhounie, “Security for Dynamic Websites in Educational Institutionâ€, IEEE 2012 Sixth International Conference.

Robert Moskovitch, Dima Stopel, Clint Feher, Nir Nissim, Yuval Elovici, “Unknown Malcode Detection via Text Categorizationâ€, IEEE 2008.

Hugo F. Gonz´alez Robledo, “Types of hosts on a Remote File

Inclusion(RFI) botnetâ€, IEEE 2008.

Jun-Hyung Park, Minsoo Kim, Bong-Nam Noh, James B D

Joshi, “A Similarity based Technique for Detecting Malicious Executable files for Computer Forensicsâ€, IEEE 2006

Brad Wardman, Gaurang Shukla, Gary Warner, “Identifying Vulnerable Websites by Analysis of Common Strings in Phishing URLs†, IEEE 2009

Yuxin Meng, Lam-for Kwok, “A Generic Scheme for the Construction of Contextual Signatures with Hash Function in Intrusion Detectionâ€, IEEE 2011

“ModSecurity Rule Writing Workshop†Ivan Ristic

Or Katz , Breach Security Inc. Documentation - “Detecting Remote File Inclusion Attackâ€, May 2009


Full Text: PDF [Full Text]

Refbacks

  • There are currently no refbacks.


Copyright © 2013, All rights reserved.| ijseat.com

Creative Commons License
International Journal of Science Engineering and Advance Technology is licensed under a Creative Commons Attribution 3.0 Unported License.Based on a work at IJSEat , Permissions beyond the scope of this license may be available at http://creativecommons.org/licenses/by/3.0/deed.en_GB.

Â