The Lab #4 Assessment Questions and Answers
1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in today’s Internet world?
7. What is a Server Side Include (SSI)? What are the ramifications if an SSI exploit is successful?
The Server-Side Includes attack allows the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary codes remotely. It can be exploited through manipulation of SSI in use in the application or force its use through user input fields. The attacker can access sensitive information, such as password files, and execute shell commands. The SSI directives are injected in input fields and they are sent to the web server. The web server parses and executes the directives before supplying the page. Then, the attack result will be viewable the next time that the page is loaded for the user's browser.
8. According to the TippingPoint Report researched in this lab how do SMB attacks measure up to HTTP attacks in the recent past?
Symantec identified a significant shift in an attackers tactics: 31% of targeted attacks were aimed at businesses with fewer than 250 employees. This shows a threefold increase from Symantec Corp.'s 2012 report, and is the latest sign that attackers are broadening their search for susceptible targets.
9. According to the TippingPoint Report, what are some of the PHP RFI payload effects DVLabs has detected this year?
The common vulnerabilities in a CMS are unpatched or poorly patched plug-ins rather than the core system. Poor patch management represents a large