DNS Pharming through PHP Injection: Attack Scenario and Investigation

Authors: Divya Rishi Sahu, Deepak Singh Tomar
Year of publication: 2015
Subject:
Source: International Journal of Computer Network and Information Security. 7:21-28
ISSN: 2074-9104, 2074-9090
DOI: 10.5815/ijcnis.2015.04.03
Description: With the growth of technology, the Internet has provided a set of tools and technologies that enable web programmers to develop effective websites. PHP is the most widely used server-side scripting language, and more than twenty million websites are built with PHP. It is used as a core script in Web Content Management Systems (WCMS) such as Joomla, WordPress, Drupal and SilverStripe. PHP also has security flaws due to certain vulnerabilities such as PHP injection, remote file inclusion and unauthorized file creation. PHP injection is a variant of code injection attack in which a PHP script may be exploited to execute remote commands. The contribution of this paper is twofold: first, it presents a unifying view of the PHP injection vulnerability, which causes alteration of the "hosts file"; second, it introduces an investigation process against alteration of the "hosts file" through PHP injection. This attack has been introduced as a type of DNS pharming. In this investigation process, a chain of evidence has been created and an algebraic signature has been developed to detect the described attack.
Database: OpenAIRE