DNS Pharming through PHP Injection: Attack Scenario and Investigation
Autor: | Divya Rishi Sahu, Deepak Singh Tomar |
---|---|
Rok vydání: | 2015 |
Předmět: |
Pharming
Computer Networks and Communications Computer science business.industry Applied Mathematics File inclusion vulnerability Web content management system computer.software_genre Computer Science Applications Set (abstract data type) World Wide Web Server-side scripting Operating system The Internet Code injection business Safety Research computer Software Code injection attacks Information Systems |
Zdroj: | International Journal of Computer Network and Information Security. 7:21-28 |
ISSN: | 2074-9104 2074-9090 |
DOI: | 10.5815/ijcnis.2015.04.03 |
Popis: | With the increase in technology, Internet has provided set of tools and technologies which has enabled web programmers to develop effective websites. PHP is most widely used server side scripting language and more than twenty million of web sites are designed through PHP. It has used as a core script in Web Content Management System (WCMS), such as Joomla, WordPress, Drupal, SilverStripe etc. PHP has also security flaws due to the certain vulnerabilities such as PHP injection, remote file inclusion and unauthorized file creation. PHP injection is a variant of code injection attacks in which PHP script may be exploited to execute remote commands. The contribution of this paper is twofold: First, it presents a unifying view of PHP injection vulnerability, which causes alteration in the "hosts file"; Second, It introduces an investigation process against alteration in "hosts file" through PHP injection. This attack has been introduced as a type of DNS pharming. In this investigation process a chain of evidence has been created and an algebraic signature has been developed to detect explained attack. |
Databáze: | OpenAIRE |
Externí odkaz: |