Step by Step Hacking Website: Remote File Inclusion (RFI)
Saturday, March 15th, 2008

Although Remote File Inclusion (RFI) exploits are very simple and are only found in about 1 in every 10 sites, they are still a lot of fun to exploit. In this tutorial I will show you how to take advantage of this coding error and possibly take control of the site.
A Remote File Inclusion exploit is when we trick the web server into putting our file (file uploader/PHP shell) into the web page. The server then parses our PHP script, and we then have full control over the server. The exploit works because the website calls another page to be displayed, except we edit the URL so that the website thinks our shell is the page to display.
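The coding error described above next to a corrected version, as an added example that is not part of the original tutorial. The `page` parameter, the page names and the `pages/` directory are assumptions made for illustration.

```php
<?php
// Added example, not code from the original page. The 'page' parameter,
// the page names and the pages/ directory are assumed for illustration.

// Vulnerable pattern the tutorial describes: the request parameter is used
// directly as the include target, so the URL decides which file PHP parses.
//   include($_GET['page']);

// Hardened form: the parameter is only a key into a fixed allowlist, so the
// path that reaches include is never built from request data.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array; accept nothing but a plain string.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key lookup: URLs, "../" sequences and unknown names all miss.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null || !is_file($target)) {
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

As defence in depth, keep `allow_url_include = Off` in php.ini (the default since PHP 5.2) so that `include` cannot fetch a remote URL at all. That setting does not prevent inclusion of local files, which is why the allowlist is still needed.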
I will show you how we can use Google to find vulnerable sites. This is the Google dork to find sites vulnerable to RFI (Remote File Inclusion):