Acronyms: RFI
Abuse of web application servers that are forced to deliver malicious software.
Remote File Inclusion (RFI) is an attack that targets the computer servers that run Web
sites and their applications. RFI exploits are most often attributed to the PHP
programming language used by many large firms including Facebook and SugarCRM.
However, RFI can manifest itself in other environments and was in fact
introduced initially as "SHTML injection". RFI works by exploiting
applications that dynamically reference external scripts indicated by user
input without proper sanitation. As a consequence, the application can be instructed
to include a script hosted on a remote server and thus execute code controlled
by an attacker. The executed scripts can be used for temporary data theft or
manipulation, or for a long-term takeover of the vulnerable server.
http://www.imperva.com/resources/glossary/glossary.html
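The following is an added example, not part of the quoted glossary definition. It shows the dynamic-include pattern the definition describes (as a comment only) next to an allowlist-based fix. The page names, file paths and sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Pattern described in the definition (comment only, never executed):
//   include $_GET['page'] . '.php';
// The include target is taken straight from user input, so the request
// decides which script the server runs.

// Hardened form: user input only selects a key; every path comes from a
// fixed map that lives in the application code. Names are hypothetical.
const PAGES = [
    'home'    => 'pages/home.php',
    'contact' => 'pages/contact.php',
];

function resolve_page(string $requested): ?string
{
    // Exact-match lookup. URLs, stream wrappers, traversal sequences and
    // empty values are not keys in the map, so they all resolve to null.
    return PAGES[$requested] ?? null;
}

// Constructed sample inputs: two legitimate page names and four values
// that the allowlist must refuse.
$samples = [
    'home',
    'contact',
    'http://remote.example/x',
    '../../etc/passwd',
    'php://input',
    '',
];

foreach ($samples as $input) {
    $path = resolve_page($input);
    printf("%-28s => %s\n", var_export($input, true), $path ?? 'REJECTED (serve 404)');
    // In the application the include happens only on a match:
    //   if ($path !== null) { include __DIR__ . '/' . $path; }
}
```

As defense in depth, keep the `allow_url_include` directive in php.ini set to `Off`, so that include statements cannot load scripts from URLs even if an unchecked include is missed in review.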