Facebook Hacked Again
Recently I came across another threat on Facebook. Some geeks termed it a Remote File Inclusion attack @#!%@... For me it's a stupid attack.
Remote file inclusion (the "stupid attack") is a very common web application attack which occurs because the application does not validate the files it includes. We actually found that many of the apps on Facebook were vulnerable to remote file inclusion.
How the attack is carried out:
Step 1 - The attacker creates a malicious JPG file, because uploading PHP is mostly banned on web servers for user-level accounts. Therefore the hacker renames a PHP shell to something like shell.php.jpg in order to upload it to the web server.
Step 2 - Next the hacker exploits the RFI vulnerability to reference the malicious JPG; the vulnerable parameter looks something like:
.php?page=url of your malicious image
Step 3 - Next the attacker takes control of the server by just visiting the URL that includes the JPG image.
Imperva suggests a four-step mitigation process, which can be found in the image below. However, it includes deploying a web application firewall, e.g. ModSecurity or AQTRONIX WebKnight. But what if someone is not using a WAF? Will they still be protected?
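To show what the attack above relies on, and what protects an app with no WAF in front of it, here is an added example (not code from the original post or from any Facebook app): the vulnerable include pattern beside an allowlist version. The parameter name `page` comes from the post; the template file names and the php.ini settings at the end are assumptions about a typical PHP deployment.

```php
<?php
// Added example, not from the original post. Parameter name "page" matches the
// post; the local template files below are assumed.

// VULNERABLE: whatever arrives in ?page= is handed straight to include().
// With allow_url_include=On, "page" can be a remote URL, so a PHP shell hosted
// elsewhere (even under a .jpg name) is fetched and executed on this server.
function render_page_vulnerable(): void
{
    include($_GET['page']);
}

// HARDENED: never build an include path from user input. Map the parameter to
// a fixed allowlist of local templates and reject everything else.
const PAGE_TEMPLATES = [
    'home'    => __DIR__ . '/pages/home.php',    // assumed local files
    'profile' => __DIR__ . '/pages/profile.php',
    'help'    => __DIR__ . '/pages/help.php',
];

function resolve_page(string $requested): ?string
{
    // Exact key match only: no URLs, no "../", no null bytes, no extension tricks.
    return PAGE_TEMPLATES[$requested] ?? null;
}

function render_page_safe(): void
{
    $path = resolve_page($_GET['page'] ?? 'home');
    if ($path === null) {
        http_response_code(404);
        exit('Unknown page');
    }
    include $path;
}

// Defence in depth at the PHP level (php.ini), independent of any WAF:
//   allow_url_include = Off   ; include()/require() cannot fetch remote URLs
//   allow_url_fopen   = Off   ; fopen()-style functions cannot open URLs either
// allow_url_include is Off by default on modern PHP builds, but verify your
// server's actual value (e.g. via phpinfo()) rather than assuming it.
```

Even with a WAF in place, the allowlist is the fix; the WAF only filters known-bad input, while the allowlist removes the ability to include anything outside the three named files.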
If you like our post, do like us on Facebook :-P