Include vulnerability

Include vulnerability

A server-side include vulnerability is a vulnerability that can potentially allow an attacker to execute arbitrary scripts on a host server by including the file in an existing script. This can be caused by allowing unchecked user data in include directives in scripting languages, such as PHP.

A PHP example

In PHP, the include() function will allow the application developer to include an external PHP script in the running script. However, if it is possible for an outsider to pass in arguments to the include function, it may be possible for a malicious user to pass in a web URL instead of a file name, allowing a (potentially) malicious script to be included and executed on the host server. This may allow an attacker to compromise the host server, or steal user data. This is a form of cross-site scripting Vulnerability, and can be prevented by checking and escaping user input to the include function, or making sure all includes are not modifiable by users.

ee also

* Server Side Includes


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Vulnerability (computing) — In computer security, the term vulnerability is applied to a weakness in a system which allows an attacker to violate the integrity of that system. Vulnerabilities may result from weak passwords, software bugs, a computer virus or other malware,… …   Wikipedia

  • Vulnerability — For other uses of the word Vulnerability , please refer to vulnerability (computing) You may also want to refer to natural disaster. Vulnerability is the susceptibility to physical or emotional injury or attack. It also means to have one s guard… …   Wikipedia

  • Vulnerability assessment — A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed for include, but are not limited to,… …   Wikipedia

  • Windows Metafile vulnerability — The Windows Metafile vulnerability is a security vulnerability in Microsoft Windows NT based operating systems which has been used in a variety of exploits since late December 2005. The vulnerability was first discussed in the computer security… …   Wikipedia

  • Information Assurance Vulnerability Alert — An Information Assurance Vulnerability Alert (IAVA) is an announcement of a computer application software or operating system vulnerability notification in the form of alerts, bulletins, and technical advisories identified by DoD CERT, a division …   Wikipedia

  • Climate Vulnerability Monitor — Author DARA (international organization) Climate Vulnerable Forum Language English Published 2010 The Climate Vulnerability Monitor (CVM) is an independent global assessment of the effect of climate change on the world’s populations brought… …   Wikipedia

  • Open Vulnerability and Assessment Language — (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL… …   Wikipedia

  • Diablo Canyon earthquake vulnerability — Diablo Canyon (Nuclear) Power Plant, located on the water s edge in San Luis Obispo County California, was originally designed to withstand a 6.75 magnitude earthquake from four faults, including the nearby San Andreas and Hosgri faults,[1] but… …   Wikipedia

  • Reducing Americans' Vulnerability to Ecstasy Act — The Reducing Americans Vulnerability to Ecstasy Act, commonly known as the RAVE Act, was a bill proposed in the United States Senate during the 107th Congress. A substantially similar law, the Illicit Drug Anti Proliferation Act was passed during …   Wikipedia

  • Immersed tube — An Immersed Tube is a kind of underwater tunnel comprised of segments and/or elements, constructed elsewhere and floated to the tunnel’s site to be sunken into place (often into an excavated trench), with the elements being connected, finished… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”