Local file inclusion vulnerability triggered

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect successful exploits of the local file inclusion vulnerability.

Strategy

Run a heuristic in the library (rule rasp-930-100) to monitor file access.
When a file is accessed from a path controlled by the user (and that the path doesn’t appear legitimate), those specific accesses are highlighted.
Since the exploit is proven and the attacker may be leaking sensitive data, the severity of the signal is set to CRITICAL.

Triage and response

  1. Consider blocking the attacking IPs temporarily to slow down the further exploitation of your infrastructure.
  2. Consider switching the WAF rule rasp-930-100 to blocking mode to prevent exploitation.
  3. Leverage traces to determine the vulnerable codepath, and fix the code.
PREVIEWING: may/unit-testing