Imperva Blog|Login|中文Deutsch日本語

ADC Hacker Intelligence Initiative

The Imperva Hacker Intelligence Initiative goes inside the cyber-underground and provides analysis of the trending hacking techniques and interesting attack campaigns.

Selected Tag: LFI | Show All

Download Report

Remote and Local File Inclusion Vulnerabilities 101


Remote and local file inclusion (RFI/LFI) attacks are a favorite choice for hackers and many security professionals aren't noticing. RFI/LFI attacks enable hackers to execute malicious code and steal data through the manipulation of a company's web server. RFI was among the four most prevalent Web application attacks used by hackers in 2011. In fact, RFI/LFI was used most prominently by hacktivists. Most recently, a military dating website was breached using RFI/LFI by hacktivist group Lulzsec. RFI and LFI attacks take advantage of vulnerable PHP Web application parameters by including a URL reference to remotely hosted malicious code, enabling remote execution. PHP is a programming language designed for Web development and is in use across more than 77 percent of applications on the Internet.

Tags: File Inclusion, Remote File Inclusion, RFI, LFI, Web Application Attacks, Hacktivist, Hacking


Download Report

Imperva's Web Application Attack Report (January 2012)


Imperva monitored and categorized attacks across the internet targeting 40 different enterprise and government web applications. The WAAR outlines the frequency, type and geography of origin of each attack to help security professionals better prioritize vulnerability remediation.

Tags: Application Security, Remote File Inclusion, RFI, SQL Injection, SQLi, Local File Inclusion, LFI, Cross Site Scripting, XSS, Directory Traversal, DT, Data Security, Web Application Attacks

Selected Tag: LFI | Show All