Hacking For Beginners – Manthan Desai
2010
39. Hack a website by Remote File Inclusion
Another website attack named Remote file found in webapplication. This type of vulnerability allows If the attackergets successful in performing the attack he/she any commandon it.
Searching the VulnerabilityRemote File inclusion vulnerability is usually occurred in those sites which have a navigation similar to the below one
www.Targetsite.com/index.php?page=Anything
To find the vulnerability the hacker will most commonly use the Dork
"inurl:index.php?page=”
This will show all the pages which has "index.php?page=” in test whether the website is vulnerable toRemote file Inclusion or not the hacker use the following command
www.targetsite.com/index.php?page=www.google.com
Let’s say that the target website is http://www.cbspk.com So the hacker URL will become
http://www.cbspk.com/v2/index.php?page=http://www.google.com
If after executing the command the homepage of the google shows up then the website is vulnerable to this attack if itdoes not come up then you should look for a new target. In my case after executing the above command in the addressbar Google homepage shows up indicating that the website is vulnerable to this attack.
www.hackingtech.co.tv
Page 205