A sound framework for dynamic prevention of Local File Inclusion

Tajbakhsh, Mir Saman; Bagherzadeh, Jamshid

doi:10.1109/ikt.2015.7288798

Cited by 7 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FIGURE 14: Exploit RFI and execute payload from attacker server [182] State-of-the-art research of File Inclusion Solutions A prevention technique presented by Tajbakhsh and Bagherzadeh [183], called AntiLFIer, prevents local file inclusion vulnerability in PHP language. This framework is written in Java and work by only allowing to include PHP scripts that are locally located in the root folder or subfolder related to the web site.…”

Section: • Local File Inclusion(lfi)mentioning

confidence: 99%

Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

Faisal

Elshoush

2023

IEEE Access

View full text Add to dashboard Cite

In recent years, huge increase in attacks and data breaches is noticed. Most of the attacks are performed and focused on the vulnerabilities related to web applications. Hence, nowadays the mitigation of application vulnerabilities is an ignited research area. Thus, due to the potential high severity impacts of web application, many different approaches have been proposed in the past decades to mitigate the damages of application vulnerabilities. Static and dynamic analysis are the two main techniques used. In this paper, a new classification for web application input validation vulnerabilities is proffered. In addition, various techniques/tools that are used to detect them are analyzed and evaluated to apprehend their strengths and weaknesses. Thus, this paper provides both technical as well as literature countermeasures to input validation vulnerabilities. Moreover, various statistical distributions of the reviewed techniques were manifested and scrutinize in different aspects to reveal the perception of the prevailing techniques and the gaps in the literature. In addition, the most widespread metrics are also propounded.

show abstract

Section: • Local File Inclusion(lfi)mentioning

confidence: 99%

Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

Faisal

Elshoush

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…To counteract the threat of LFI, Tajbakhsh et al introduced in [15] a method to dynamically prevent local file inclusion (LFI) by attackers in web applications. They used PHP to describe the vulnerability and prevent it.…”

Section: Background and Literature Reviewmentioning

confidence: 99%

“…Then, the attacker includes the log file to execute a malicious code. An alternate log poisoning method discussed in [15] is performing the attack using emails. An attacker may find access to email files on the server and try to send an email containing malicious code.…”

Section: Background and Literature Reviewmentioning

confidence: 99%

Log Poisoning Attacks in Internet of Things (IoT)

Noman,

Abu-Sharkh,

Noman

2023

Preprint

View full text Add to dashboard Cite

The rapid spread of IoT devices has introduced a complex landscape of security threats, compromising device functionality and user privacy. Among these threats, log poisoning attacks have recently garnered attention among cybersecurity practitioners for their severity and effectiveness. Log poisoning involves the manipulation of automatically generated logs in IoT devices, significantly compromising the attacked device and making it susceptible to malicious code execution, which may lead to further destructive cyberattacks. This paper is the first to comprehensively address log poisoning attacks on IoT systems and devices. We introduce various methodologies to perform such attacks, focusing particularly on practical implementations involving misconfigured log files on Raspberry Pi 4, which is commonly used in IoT applications. We also introduced a technique that advanced adversaries can employ to cover their tracks effectively. Through Intrusion Modes and Criticality Analysis (IMECA), we analyze the severity and potential impact of these attacks and propose mitigation strategies to avoid the occurrence of such attacks. We emphasize the importance of adopting mitigation strategies to maintain the confidentiality, integrity, and reliability of IoT ecosystems. As a further step to counteract the threat, we design a novel technique to detect and mitigate log poisoning attacks.

show abstract

“…In the publication Tajbakhsh and Bagherzadeh (2015), conducted a short survey on static and dynamic code analysis, thereby proposing a framework to prevent malicious files from hackers dynamically. The results show that the proposed framework can prevent FI quite effectively.…”

Section: Other Vulnerabilitiesmentioning

confidence: 99%