Hey friends...Now we will know about Website hacking method "Remote File Inclusion (RFI)" . Thisexploits are very simple and are only found in about 1 in every 10 sites - they are still allot of fun toexploit. In this tutorial i will show you how to take advantage of this coding error and possibly take control of the site.This article is for Educational Purpose Only...so please Use this for knowledge Only !
This articles will be unserstandable mostly by web developers,or how know some web programming in html,php,asp etc...Lets start..
A Remote File Inclusion vulnerability is where we trick the web server in to putting our file (file uploader / php shell) in to the web page. It then parses our PHP script and we then have full control over the server. The exploit works because when a website calls another page to be displayed except, we edit the url so that the website thinks our shell is the page to display.
Normally, I'm against stuff like this. I believe people should find their own vulnerablesites. But, for the sake of this paper, i will show you how we can use google to get us vulnerable sites.
We will query google like so:
This articles will be unserstandable mostly by web developers,or how know some web programming in html,php,asp etc...Lets start..
A Remote File Inclusion vulnerability is where we trick the web server in to putting our file (file uploader / php shell) in to the web page. It then parses our PHP script and we then have full control over the server. The exploit works because when a website calls another page to be displayed except, we edit the url so that the website thinks our shell is the page to display.
Normally, I'm against stuff like this. I believe people should find their own vulnerablesites. But, for the sake of this paper, i will show you how we can use google to get us vulnerable sites.
We will query google like so:
inurl:"index.php?page="
No comments:
Post a Comment