Local File Inclusion (LFI) attack attempts
Goal
Detect serious local file inclusion (LFI) attempts on routes with errors related to file inclusion. Such security activity generally indicates that an attacker is trying to exploit a potential LFI vulnerability.
Strategy
Monitor local file inclusion attempts (@appsec.security_activity:attack_attempt.lfi) on services generating errors related to this type of attack (@_dd.appsec.enrichment.error_messages:(*File* OR *Directory* OR *ENOENT* OR *EACCES* OR *include_path*)).
Generate an Application Security Signal with High severity.
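The following added example (not part of the original rule or of Datadog's implementation) replays the two conditions of the strategy over constructed trace events, to show which combinations produce a signal. The event field names, the grouping by service and client IP, and the case-sensitive glob matching are assumptions made for illustration.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Wildcard terms taken from the rule's error-message query.
ERROR_PATTERNS = ["*File*", "*Directory*", "*ENOENT*", "*EACCES*", "*include_path*"]
LFI_ACTIVITY = "attack_attempt.lfi"

def is_lfi_with_file_error(event):
    """True when a trace is tagged as an LFI attempt AND carries a file-related error."""
    if event.get("security_activity") != LFI_ACTIVITY:
        return False
    messages = event.get("error_messages") or []
    # Assumption: wildcards are matched case-sensitively against each message.
    return any(fnmatchcase(msg, pat) for msg in messages for pat in ERROR_PATTERNS)

def build_signals(events):
    """Group matching traces by (service, client IP); emit one High signal per group."""
    groups = defaultdict(list)
    for ev in events:
        if is_lfi_with_file_error(ev):
            groups[(ev["service"], ev["client_ip"])].append(ev["route"])
    return [
        {"severity": "High", "service": svc, "client_ip": ip, "routes": sorted(set(routes))}
        for (svc, ip), routes in sorted(groups.items())
    ]

# Constructed sample events (hypothetical field names, documentation-range IPs).
SAMPLE_EVENTS = [
    {"service": "web-store", "client_ip": "203.0.113.7", "route": "/download",
     "security_activity": "attack_attempt.lfi",
     "error_messages": ["ENOENT: no such file or directory, open '/srv/app/files/x'"]},
    {"service": "web-store", "client_ip": "203.0.113.7", "route": "/view",
     "security_activity": "attack_attempt.lfi",
     "error_messages": ["failed to open stream (include_path='.:/usr/share/php')"]},
    # LFI attempt with no error: the request was handled cleanly, so no signal.
    {"service": "web-store", "client_ip": "198.51.100.4", "route": "/download",
     "security_activity": "attack_attempt.lfi", "error_messages": []},
    # File error without the LFI tag: ordinary application fault, so no signal.
    {"service": "reports", "client_ip": "192.0.2.10", "route": "/export",
     "security_activity": None, "error_messages": ["EACCES: permission denied"]},
    # LFI attempt with an unrelated error: second condition not met, so no signal.
    {"service": "reports", "client_ip": "198.51.100.4", "route": "/export",
     "security_activity": "attack_attempt.lfi",
     "error_messages": ["TypeError: cannot read property 'id' of undefined"]},
]

if __name__ == "__main__":
    for signal in build_signals(SAMPLE_EVENTS):
        print(signal)
```

Only the first two events satisfy both conditions, so a single signal is produced for that service and source IP, listing the affected routes to investigate.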
Triage and response
- Consider blocking the attacking IP(s) temporarily to prevent them from reaching deeper parts of your production systems.
- Investigate the errors generated by this attack to identify if any vulnerabilities need to be fixed.