Security: Remote File Inclusion
Reported by
aminasd...@gmail.com,
Jan 18 2018
Issue description

URL : https://google.com?query=http%3A%2F%2Fwww.google.com%2F
Parameter : Query
Attack : http://google.com
Evidence : <title>Google</title>
Description : the HTTP request, the web application might be vulnerable to RFI. An attacker can use RFI for:
* Running malicious code on the server: any code in the included malicious files will be run by the server. If the file include is not executed using some wrapper, code in include files is executed in the context of the server user. This could lead to a complete system compromise.
* Running malicious code on clients: the attacker's malicious code can manipulate the content of the response sent to the client. The attacker can embed malicious code in the response that will be run by the client (for example, Javascript to steal the client session cookies).

PHP is particularly vulnerable to RFI attacks due to the extensive use of "file includes" in PHP programming and due to default server configurations that increase susceptibility to an RFI attack.
,
Apr 26 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by nparker@chromium.org, Jan 18 2018