RFI question
RFI question
I'm just starting to learn about Remote File Inclussion so bear with me please. Would it be possible to have the target site run a program like Cain or something similar using RFI? I understand how to insert a file to exploit and exploit but can you have the site run an entire program?
A Remote File Inclusion lets you run a remote PHP file. In this PHP file you can do anything you can normally do in PHP (within the limits of their configuration).
PHP has quite a few Program execution Functions that you can use to run programs on the server. If there is a Cain and Abel executable on the server, and you have permission to execute it, then it shouldn't be a problem.
Since Cain and Abel is graphical program, don't expect to be able to do much more than to open it.
PHP has quite a few Program execution Functions that you can use to run programs on the server. If there is a Cain and Abel executable on the server, and you have permission to execute it, then it shouldn't be a problem.
Since Cain and Abel is graphical program, don't expect to be able to do much more than to open it.