Local File Inclusion (LFI) attack attempts

Tactic:

TA0010-exfiltration

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect serious local file inclusion (LFI) attempts on routes with errors related to file inclusion. Such security activity generally indicates that an attacker is trying to exploit a potential LFI vulnerability.

Strategy

Monitor local file inclusion attempts ("@appsec.security_activity:attack_attempt.lfi) on services generating errors related to this type of attack (@_dd.appsec.enrichment.error_messages:(*File* OR *Directory* OR *ENOENT* OR *EACCES* OR *include_path*)).

Generate an Application Security Signal with High severity.

Triage and response

  1. Consider blocking the attacking IP(s) temporarily to prevent them from reaching deeper parts of your production systems.
  2. Investigate the errors generated by this attack to identify if any vulnerabilities need to be fixed.