14 DAY TRIAL // Last week, Incapsula introduced new detection methods to improve the company’s solutions when it came to protecting users against Remote File Inclusion (RFI) attacks.
The company warns that although RFI attacks are often overlooked, they’re more widespread than most people assume.
RFI attacks are the ones that exploit user-input and file-validation vulnerabilities to upload a malicious payload, usually a shell that allows the attacker to gain high-privileged access to servers, websites and web apps.
RFI attacks mostly rely on zero-day vulnerabilities and they’re dangerous only in their early stages. Once the security hole is patched, the attack becomes ineffective.
One of the most famous RFI vulnerabilities is the one that impacted the WordPress TimThumb plugin.
Take a look at the infographic and the blog post released by Incapsula to find out more about RFI attacks.