1. Executive Summary
2. Introduction
3. PHP internals
3.1 PHP execution process
3.2 PHP include function
4. Malicious file includes – RFI
4.1 Classic RFI
4.2 Classic RFI “in the wild”
4.3 Advanced RFI using PHP streams
5. Malicious File Includes (MFI)
5.1 Adding PHP code to log files
5.2 Uploading user content with embedded PHP code
5.2.1 Editing file content to embed PHP code
5.2.2 PHP code-embedded files detection
6. Malicious file inclusion in the wild
6.1 Background
6.2 Remote file inclusion in the wild
6.2.1 Attack sources analysis
6.2.2 Shell hosting URLs analysis
6.2.3 Shell analysis
7. Mitigating RFI/LFI
8. Appendix A – PHP streams and wrappers
http://www.imperva.com/docs/HII_Remote_and_Local_File_Inclusion_Vulnerabilities.pdf