SANS Institute InfoSec Reading Room
If you look at the logs of just about any production web server, you are bound to find signs of a remote file include (RFI) attack. It is easy to disregard them as low hanging Internet broadscan noise, but attackers would not be scanning the Internet for vulnerable hosts if they were not also successfully exploiting them.
This paper describes the mechanics of a RFI attack by doing a code analysis and an attack walk through on a vulnerable application. Detecting an attack is discussed by writing sample IDS signatures an...
This paper will take a multi-perspective view of remote file include attacks,specifically those exploiting weaknesses in PHP web applications--as the scripting language has allowed a large number of vulnerabilities to be created. We will cover the mechanics of RFI attacks before detailing the perspective of both analysts and attackers.