A hacker would either upload them to a remote server or just use a Google dork to locate them already online and insert them. A Google dork i the act of using Google’s provided search tools to help get a specific search result.Ģ.Website that include pages have a navigation system similar to:ģ.To see if a the page is vulnerable, the hacker would try to include a site instead of PageName like the following:Ĥ.If the Google homepage shows up on the website, then the hacker knows the website is vulnerable and would continue to include a shell.ĥ.A couple of the most popular shells are c99 and r57. Many hackers us Google dorks to locate servers vulnerable to RFI. Now let’s go through the steps a hacker would take to exploit this type of vulnerability in a website.ġ.First the hacker would find a website that gets its pages via the PHP include() function and is vulnerable to RFI. Although as of PHP 6.0, register_globals has been depreciated and removed, many websites still rely on older versions of PHP to run their webapplications.
Many servers are vulnerable to this kind of attack because of PHP’s default settings of register_globals and allow_url_fopen being enabled. With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system.
Remote File Inclusion (RFI)occurs when a remote file, usually a shell(a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server.
0 kommentar(er)
