Security Plugins Hub

Bring your software development workflows to security

icon-lfi

Local File Inclusion

Signals & Triggers

On file system access
If user input matched in file access command

Actions

  • Block the HTTP request Block the HTTP request
  • Log request stack trace Log request stack trace
  • Log the malicious request Log the malicious request
  • Report an incident Report an incident

Notifications

  • Send an email to all team members Send an email to all team members
  • Send a Slack notification. Send a Slack notification.
  • POST to your Webhook. POST to your Webhook.
  • Send to New Relic Insights. Send to New Relic Insights.
  • Create an incident on PagerDuty (coming soon) Create an incident on PagerDuty (coming soon)

Details

Sqreen prevents attackers from accessing the server’s file system to perform Local File Inclusion attacks.

Let’s say we have the following payload:

{
    "image": "myImage.jpg"
}

This results in the following call: open('imgs/user1/myImage.jpg'). It would allow a user to legitimally access an image through the web server.

A malicious attacker would try to abuse this by crafting a payload:

{
    "image": "../user2/hiImage.jpg"
}

This would result in the following call: open('imgs/user1/../user2/hisImage.jpg'), giving access to someone’s else images to the attacker.

The same approach can be used to execute arbitrary code if the LFI happens in a module inclusion (include in PHP, require in NodeJS, etc).

Advanced details

When an HTTP request triggers a file access, this plugin triggers on the following conditions:

  • the path starts at the root filesystem (/ on UNIX systems) and if the whole path is injected by the user
  • the user input traverse back to the root filesystem of the server (the attacker was able to inject a ../ in the path)

Language support

  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals

No data collected


On attack
  • Request payload
  • Stack trace
  • Attacker IP
  • Attacker account (Sqreen SDK)

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Node.js
  • Ruby
  • PHP
  • Python
  • Java
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

 

// This should be the first line of your app

require('sqreen');

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" > config/sqreen.yml

$ curl -s https://download.sqreen.io/php/install.sh > sqreen-install.sh && bash sqreen-install.sh your token

$ pip install sqreen

$ echo -e "[sqreen]\ntoken: your token" > sqreen.ini

 

# Insert at the top of your app file (typically wsgi.py or app.py)

import sqreen

sqreen.start()

$ curl https://download.sqreen.io/java/sqreen-.jar -o sqreen.jar

 

// Add JVM startup options:

-javaagent:/path/to/sqreen.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 14 days · No credit card required Sign up Request demo