• DocumentCode
    568185
  • Title
    A prototype system to scrutinize PHP code injection attacks
  • Author
    Tomar, Deepak Singh
  • Author_Institution
    Dept. of Comput. Sci. & Eng., Maulana Azad Nat. Inst. of Technol., Bhopal, India
  • fYear
    2012
  • fDate
    14-17 July 2012
  • Firstpage
    1195
  • Lastpage
    1199
  • Abstract
    The growth of web applications on the Internet has led to an increase in cyber crime. An attacker may inject malicious code into the text boxes of a vulnerable web application (guest book, feedback form, search box, etc.), which may then be executed by the web server. The execution of system calls and APIs on the web server by an attacker through PHP code injection may damage the file system or leak web server configuration information. PHP code injection attacks have become more widespread with the emergence of dynamic web paradigms. The dynamic features and functionality of a web site are controlled through the PHP language. Hence, the use of PHP (which itself carries vulnerabilities) in dynamic web pages increases the likelihood of successful code injection attacks. The aim of this paper is twofold. First, to understand the web application vulnerabilities related to PHP code injection attacks, two PHP code injection attack scenarios have been developed. Second, for accurate and fast incident determination from gathered evidence, a tagging system based on a domain dictionary has been developed. The proposed prototype system shall be helpful for law enforcement agencies in effectively gathering and analyzing evidence relating to PHP code injection attacks.
  • Keywords
    Internet; Web sites; application program interfaces; authoring languages; computer crime; API execution; Internet; PHP code injection attacks; PHP language; Web application vulnerabilities; Web server; Web site; configuration information leakage; cyber crime; domain dictionary; dynamic Web page; feedback form; file system; guest book; law enforcement agency; malicious code; search box; system call execution; tagging system; text boxes; Dictionaries; File systems; Prototypes; Security; Tagging; Web servers; PHP Code Injection Attack; Web Application Vulnerability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science & Education (ICCSE), 2012 7th International Conference on
  • Conference_Location
    Melbourne, VIC
  • Print_ISBN
    978-1-4673-0241-8
  • Type
    conf
  • DOI
    10.1109/ICCSE.2012.6295277
  • Filename
    6295277