Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server.
The vulnerability occurs when user-supplied input is used without proper validation.
An example of a vulnerable site would be /include.php?file=howto.php
It can be used to gain full access to a website. To protect your site from this attack, use the following code on your site:
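<?php
// Read the requested page name; use an empty string when the parameter is absent.
$page = $_GET['page'] ?? '';
// Only the fixed file names below are ever included; the request value never becomes a path.
switch ($page) {
    case "page1":
        include("page1.php");
        break;
    case "page2":
        include("page2.php");
        break;
    default:
        // Any unrecognised value falls back to the home page.
        include("home.php");
        break;
}
?>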
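The switch statement above can be generalised to an allowlist lookup, which keeps the rule in one place as pages are added. This is an added example, not code from the original post; `resolve_page()`, `PAGES` and `DEFAULT_PAGE` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example: allowlist lookup that generalises the switch statement.
// resolve_page(), PAGES and DEFAULT_PAGE are hypothetical names;
// the file names are the ones used in the post.

const PAGES = [
    'page1' => 'page1.php',
    'page2' => 'page2.php',
];
const DEFAULT_PAGE = 'home.php';

/**
 * Map a request value to a file name chosen by the server.
 * The request value is only ever used as an array key, never as a path.
 */
function resolve_page($requested): string
{
    // ?page[]=x arrives as an array; anything that is not a string is unknown.
    if (!is_string($requested)) {
        return DEFAULT_PAGE;
    }
    return PAGES[$requested] ?? DEFAULT_PAGE;
}

// Constructed sample inputs: two valid keys, then values that must fall back.
$samples = [
    'page1',
    'page2',
    'howto.php',                      // a file name, not an allowlisted key
    'http://example.com/remote.txt',  // remote URL
    '../page1',                       // path traversal attempt
    ['page1'],                        // array from ?page[]=page1
    null,                             // parameter missing
];

foreach ($samples as $value) {
    printf("%-36s => %s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES),
        resolve_page($value));
}

// In the real script the single call site would be:
// include __DIR__ . '/' . resolve_page($_GET['page'] ?? null);
```

Only the first two samples resolve to `page1.php` and `page2.php`; every other value resolves to `home.php`. Keeping `allow_url_include = Off` in php.ini (its default) is a second layer that stops `include` from fetching URLs at all.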