LinkedInGitHub

Remote File Inclusion (RFI)

Attack the target, gain command execution by exploiting the RFI vulnerability, and then look for the flag under one of the directories in /

Step 1 - Test for RFI:

  • On the suspicious vulnerable URL, include a local URL:

    • http://127.0.0.1/index.php

  • We successfully loaded the index.php again

Step 2 - Create a custom web shell:

  • Shell script:

  • Host the shell:

Step 3 - Test the web shell and look for the flag:

  • Insert the host URL with a command on the vulnerable parameter:

  • From the output above, our web shell is working perfectly

  • Look for the flag wih cat ../../../exercise/flag.txt:

And we got another flag!

PreviousPHP WrappersNextLFI and File Uploads

Last updated