Author Topic: Remote File Inclusion (RFI)  (Read 41107 times)


Offline @Veritas_Triumphus

  • Peasant
  • *
  • Posts: 65
  • Cookies: 2
Re: Remote File Inclusion (RFI)
« Reply #30 on: May 08, 2012, 02:46:10 pm »
My apologies if it's forbidden to "revive" a thread, but I had to add that I have never seen such a well-explained tutorial in my life. Thanks so much, Ande.
Code: [Select]
while (1) {
document.write("I love EvilZone.org" + "<br />");
}

Offline Traitor4000

  • Knight
  • **
  • Posts: 191
  • Cookies: 8
Re: Remote File Inclusion (RFI)
« Reply #31 on: December 04, 2013, 02:23:23 am »
Yeah, nice tutorial, certainly gonna save this one in my archive.
P.S. Wolf, your profile picture gives me a seizure  :P
« Last Edit: December 04, 2013, 02:23:39 am by Traitor4000 »
The most vulnerable part of an impenetrable system is those who believe it to be so.

Offline like2code

  • /dev/null
  • *
  • Posts: 12
  • Cookies: 1
Re: Remote File Inclusion (RFI)
« Reply #32 on: June 23, 2014, 03:16:07 pm »
Since this thread is bumped anyway.
Some little tricks I learned (some time ago, i.e. they might not work anymore):

/proc/self/environ
If you only have an LFI possibility but no RFI, and are on an OS supporting the proc filesystem:
Try including /proc/self/environ. It contains (if not disabled), at least with Apache, variables like User-Agent, Referer, and so on for the current request.
Both variables are under our control, so setting the user agent to
Code: (php) [Select]
<?php 'MINI_SHELL_OR_DROPPER_CODE' ?>
could be interesting.
AFAIR: setting the login shell of the Apache user to /sbin/nologin leads to no environment variables being used.

Wrappers + filters
If you just want to read the source code of a PHP page using an LFI, PHP's filters might be interesting.
They can be applied to the file name like:
Code: [Select]
php://filter/convert.base64-encode/resource=FileNameToRead
i.e. if we want to read the source code of 'password.php' via an LFI in index.php, the request string might look like this:
Code: [Select]
http://somedomain.com/index.php?page=php://filter/convert.base64-encode/resource=password
This would return the content as base64-encoded text.
There are other filters, like rot13, as well.

Edit: I just realized that ande also wrote something about LFI containing this information (with way better explanation).
« Last Edit: June 24, 2014, 10:30:09 pm by like2code »
#define while if

Offline dotszilla

  • Peasant
  • *
  • Posts: 68
  • Cookies: -61
  • ..you'll either LOVE me or HATE me..
Re: Remote File Inclusion (RFI)
« Reply #33 on: June 30, 2015, 08:14:27 am »
Great tutorial bro.. don't get more easier to understand than that lol...

P.S. you got some typos in there, I would recommend you do a spell check and fix the where/were mistakes.. I say that because for people reading it whose English is not their forte, it could sound confusing.. besides that, awesome tutorial..


EDIT: I just saw how old this was XD .... lol
« Last Edit: June 30, 2015, 08:16:04 am by dotszilla »
"The box said 'Requires Windows XP or better'. So I installed LINUX..."

Offline heeraj123

  • NULL
  • Posts: 1
  • Cookies: 0
Re: Remote File Inclusion (RFI)
« Reply #34 on: November 24, 2015, 08:04:05 am »
We can even read the source code by using the PHP filter and decoding the base64.

http://www.example.com?page=php://filter/convert.base64-encode/resource=index

By decoding the base64 you would get the source.
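
Added example, not part of the original thread or written by any of its posters: a log check for the request patterns described in replies #32 and #34 (a `php://filter` wrapper or `/proc/self/environ` in a query parameter, PHP code in the User-Agent or Referer header). The log lines, rule names and function names are constructed for illustration and assume Apache's combined log format.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed Apache combined-format lines (not taken from the thread).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jun/2014:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Jun/2014:10:00:02 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=password HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Jun/2014:10:00:03 +0000] "GET /index.php?page=..%252F..%252Fproc%252Fself%252Fenviron HTTP/1.1" 200 300 "-" "<?php ?>"',
    '203.0.113.7 - - [24/Jun/2014:10:00:04 +0000] "GET /index.php?page=PHP%3A%2F%2FFilter/string.rot13/resource=index HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
PARAM_RULES = [  # matched case-insensitively so mixed-case spellings are not missed
    ("php-filter-wrapper", re.compile(r"php://filter", re.I)),
    ("proc-self-environ", re.compile(r"/proc/self/environ", re.I)),
]
PHP_TAG = re.compile(r"<\?php", re.I)

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252F -> %2F -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return the names of the rules that fire for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return []
    query = m.group("target").partition("?")[2]
    values = [fully_decode(v) for _, v in parse_qsl(query, keep_blank_values=True)]
    findings = [name for name, rule in PARAM_RULES if any(rule.search(v) for v in values)]
    # Including /proc/self/environ only matters when a request header carries PHP code.
    if any(PHP_TAG.search(m.group(h)) for h in ("referer", "ua")):
        findings.append("php-tag-in-header")
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_line(line) or "clean", "<-", line.split('"')[1])
```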