Work place: CSE Department, MANIT, Bhopal, 462003, India
E-mail: divyarishi.sahu@manit.ac.in
Website:
Research Interests: Computer Science & Information Technology, Information Systems, Information Retrieval, Information Theory
Biography
Divya Rishi Sahu is currently pursuing his Ph. D. in CSE department from Maulana Azad National Institute of Technology (MANIT), Bhopal, India. He obtained B. E. (Information Technology) from IGEC, Sagar and M Tech (Information Security) from MANIT, Bhopal. He has published more than 10 research papers.
By Divya Rishi Sahu Deepak Singh Tomar
DOI: https://doi.org/10.5815/ijcnis.2015.04.03, Pub. Date: 8 Mar. 2015
With the increase in technology, Internet has provided set of tools and technologies which has enabled web programmers to develop effective websites. PHP is most widely used server side scripting language and more than twenty million of web sites are designed through PHP. It has used as a core script in Web Content Management System (WCMS), such as Joomla, WordPress, Drupal, SilverStripe etc. PHP has also security flaws due to the certain vulnerabilities such as PHP injection, remote file inclusion and unauthorized file creation. PHP injection is a variant of code injection attacks in which PHP script may be exploited to execute remote commands. The contribution of this paper is twofold: First, it presents a unifying view of PHP injection vulnerability, which causes alteration in the ‘hosts file’; Second, It introduces an investigation process against alteration in ‘hosts file’ through PHP injection. This attack has been introduced as a type of DNS pharming. In this investigation process a chain of evidence has been created and an algebraic signature has been developed to detect explained attack.
[...] Read more.Subscribe to receive issue release notifications and newsletters from MECS Press journals