I have a RFI question. And I have hit a strange dead end.
I guess the question is not so much just how it is done, but I would like to have my "I" using a shell prompt of some sort.
I wonder first of all, to share with me the proper steps of a righteous RFI attack, and the second please, to share with me a nice shell.
====
So far, I have read and absorbed much material on this topic.
I have tried it, you know to test if they are vuln, you throw in a site like google, and if it is on the page somewhere, than you have a real victim.
Anyhow, I think I have the concept and idea, but there is a few things that just are not registering at all!
RFI
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
Re: RFI
Are you talking about a RFI scanner? If so mind sharing it with us because I would like to get my hands on one.zeus_zf wrote: you throw in a site like google, and if it is on the page somewhere, than you have a real victim.
RFI means Remote File Injection. This vulnerability on a PHP website allows you to force a website to load instead of it's own file a remote file that you have specified. So first of all you need that site and file that you are going to specify the website to load and is going to give you admin right on the victims website. If you see what I mean.zeus_zf wrote:Anyhow, I think I have the concept and idea, but there is a few things that just are not registering at all!
We will either find a way, or make one.
- Hannibal
- Hannibal