For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp
Thread Rating:
  • 2 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacking Website using RFI Method
05-01-2017, 09:59 AM,
Post: #111
RE: Hacking Website using RFI Method
(05-17-2013, 11:28 PM)Codefiregreat! Wrote: What Is RFI(Remote File Inclusion)
Remote File Inclusion (RFI) is a type of vulnerability most often found  on websites. It allows an attacker to include a remote file, usually  through a script on the web server. The vulnerability occurs due to the  use of user-supplied input without proper validation. This can lead to  something as minimal as outputting the contents of the file, but  depending on the severity, to list a few it can lead to:


* Code execution on the web server
* Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS).
* Denial of Service (DoS)
* Data Theft/ManipulationRFI is a very uncommon vulnerability due to excessive patches and updates on websites.

S0 here we go _follow me____!!!!!

Finding a Vulnerable Site using Google Dorks and Checking for vulnerability
Here i provided a link for finding vulnerable sites using Google Dorks For RFI



Now for testing whether our site is vulnerable to RFI or not we will uss the following command

*

Suppose our target site is* *. So for checking our url will become something like diz

*

If after executing the command the homepage of the google shows up then  then the website is vulnerable to this attack if it does not come up  then the site is not vulnerable to RFI.

Exploiting The Vulnerability
For that you will need to upload your shell

You will need to upload your shell in .txt format (shell.txt) instead of  .php format (shell.php). I recommend you use c99, r57, Locus, etc.

You will need to upload it to any website hosting.
So once you have uploaded your shell to your website, it should look like this.




Now comes adding our shell to victims website

Okay, once we are at the vulnerable page (*)
we will have to replace*"http://www.google.com* *"* and include our own file(in my place its
(*)

Our new link should look like this.

*

*NOTE--> *The question mark (?) is important. If the site was  vulnerable you should now see your shell embedded to the webpage. You  can then do as you wish with it. Sometimes "shell.txt?" may not be  enough, we may need to use null bytes for it to execute successfully. If  you receive an error from "shell.txt?" try "shell.txt?".

* *Ok so we uploaded our shell successfully in the target site and i  think you all know that what all you can do after uploading shell to the  site Smile

[/HR]
Quote
For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp
05-29-2017, 11:33 AM,
Post: #112
RE: Hacking Website using RFI Method
Thanks for the info.
Quote
06-02-2017, 02:06 AM,
Post: #113
RE: Hacking Website using RFI Method
thanks buddy is a good place to start
Quote
06-04-2017, 11:35 AM,
Post: #114
RE: Hacking Website using RFI Method
good sharing bro, thanks ......
Quote
10-20-2017, 01:03 PM,
Post: #115
RE: Hacking Website using RFI Method
we can find out more about all this
Quote
11-06-2017, 01:54 PM,
Post: #116
RE: Hacking Website using RFI Method
(06-16-2015, 12:11 AM)crownwealth Wrote: we can find out more about all this

ummmm let me take a look
Quote
For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp
06-22-2018, 04:45 PM,
Post: #117
RE: Hacking Website using RFI Method
Tell me my bro. I will try.
Quote
03-19-2019, 05:28 AM,
Post: #118
RE: Hacking Website using RFI Method
thanks for a thread. looking forward to read it
Quote
03-06-2020, 04:49 PM,
Post: #119
RE: Hacking Website using RFI Method
Nice work with this!
Quote


Possibly Related Threads...
Thread Author Replies Views Last Post
LEGITIMATE HACKING SERVICES legionhackerusa 1 108 05-21-2020, 03:04 AM
Last Post: Robertner
LEGITIMATE HACKING SERVICES legionhackerusa 0 163 05-17-2020, 02:29 AM
Last Post: legionhackerusa
LEGITIMATE HACKING SERVICES legionhackerusa 0 176 05-14-2020, 02:02 AM
Last Post: legionhackerusa
LEGITIMATE HACKING SERVICES legionhackerusa 0 151 05-13-2020, 01:26 AM
Last Post: legionhackerusa
LEGITIMATE HACKING SERVICES legionhackerusa 0 155 05-12-2020, 01:25 AM
Last Post: legionhackerusa
LEGITIMATE HACKING SERVICES legionhackerusa 0 155 05-10-2020, 03:16 AM
Last Post: legionhackerusa
Come Finish Your Hacking Project with a reliable hacker... lacaset67 0 115 05-03-2020, 02:30 PM
Last Post: lacaset67
[How To] Reliable and ethical hacking services Maxxxxy1983 0 114 05-03-2020, 07:31 AM
Last Post: Maxxxxy1983
LEGITIMATE HACKING SERVICES legionhackerusa 0 100 04-30-2020, 12:52 AM
Last Post: legionhackerusa
Legitimate hacking services legionhackerusa 0 105 04-27-2020, 01:48 AM
Last Post: legionhackerusa

Forum Jump:


Users browsing this thread: 1 Guest(s)
For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp


All rights reserved © 2012-2015 OffensiveCommunity, Designed at WallBB Co Uk
Powered By MyBB, © 2002-2020 MyBB Group.