Once up on a time I had a closer look on RFI...

blocg

Thursday, January 29. 2009

Posted by christian in security

Comments (0)
Trackbacks (0)

Once up on a time I had a closer look on RFI...

While enjoying my first coffee this morning I read about one "Quick RFI Analysis" Jose Nazario published on "The Arbor Networks Security Blog". This reminded me of some research I have been doing at the beginning of last year. Remote File Inclusion (RFI) is an attack usually exploiting vulnerabilities within PHP scripts, allowing to include PHP code from another (remote) server. Even though RFI is well known already for a couple of years it still seems to be an issue, particularly since, as Jose writes in his Quick RFI Analysis: "AV is rarely ever invoked". I am going to publish some of my results in this field as soon as I find some time...

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information?