Wednesday, April 23, 2014
RFI Question


Posted on 11-08-08 13:17
Could someone please tell me:
1. Is a site vulnerable to RFI if when the whole page is the site you put the website after page=
instead of a bit of both?
2. Could someone give me a few more strings to help me find them in google?
I've got stuff like
inurl:"index.php?page=main"
inurl:"index.php?page="
etc. but neither of those are very good
Thanks



RE: RFI Question


Posted on 11-08-08 13:26
@down
You're right, I don't wanna spoon feed ;)




Edited by on 11-08-08 17:34

RE: RFI Question


Posted on 11-08-08 15:46
moshbat wrote:
You're spoon feeding, why?


There are a lot of queries to search for RFI; I just wanted to show him how many strings he can generate himself :)

inurl:"index.php?page=main"
inurl:"index.php?page="
are popular strings, so I think he doesn't understand the RFI idea well ;) If he sees how many strings he can find, I think he'll search next without help ;)



RE: RFI Question


Posted on 11-08-08 15:57
PHmaster wrote:
moshbat wrote:
You're spoon feeding, why?


There are a lot of queries to search for RFI; I just wanted to show him how many strings he can generate himself :)

inurl:"index.php?page=main"
inurl:"index.php?page="
are popular strings, so I think he doesn't understand the RFI idea well ;) If he sees how many strings he can find, I think he'll search next without help ;)


The strings in and of themselves don't really mean shit. Just because ?page=main or ?page=downloads, it's including them with a switch case. You could have just said: browse Google for something like inurl:"index.php?page=X", try different things with X, and see if you can come up with a vulnerability.

RFI is one of the least common exploits you can find because PHP by default comes with the ability to include remote files off; then you also have to have no clue how to patch such a thing, so most professionally released CMSs RARELY ever have an RFI exploit.
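
The two points in the last reply, the switch-case style include and PHP's remote-include setting, written out from the site owner's side as an added example (not code from the thread or from any site discussed in it). The page names, file paths and helper function names are hypothetical.

```php
<?php
// Added example. Page names and file paths below are hypothetical.

// The "switch case" pattern from the reply: ?page= only selects among fixed,
// local files. The request value is a lookup key and never becomes a path.
const PAGES = [
    'main'      => 'pages/main.php',
    'downloads' => 'pages/downloads.php',
];

function resolve_page($requested): string
{
    // Non-string input (e.g. ?page[]=x) and unknown names get the default page.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return PAGES['main'];
    }
    return PAGES[$requested];
}

// The pattern that makes ?page= dangerous, for contrast (kept as a comment):
//   include $_GET['page'];
// Here the request value IS the include path, so the visitor decides which
// file PHP loads. Replacing it with resolve_page() is the patch.

function remote_include_enabled(): bool
{
    // allow_url_include ships Off; ini_get() returns a string such as "", "0" or "1".
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed sample inputs: two valid names, one URL-like value, one array.
$samples = ['main', 'downloads', 'http://example.invalid/x.txt', ['x']];
foreach ($samples as $input) {
    printf("%-40s -> %s\n", json_encode($input), resolve_page($input));
}

printf("allow_url_include enabled: %s\n", remote_include_enabled() ? 'yes' : 'no');

// In the real front controller the result would be used as:
//   include __DIR__ . '/' . resolve_page($_GET['page'] ?? null);
```

With this mapping, every value outside the table resolves to `pages/main.php`, which is why a `?page=` parameter in a URL says nothing by itself about whether the site is vulnerable.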