remote_file_inclusion.md +5 −3 Original line number Diff line number Diff line # Remote File Inclusion Remote file inclusion uses pretty much the same vector as local file inclusion. A remote file inclusion vulnerability lets the attacker execute a script on the target-machine even though it is not even hosted on that machine. RFI's are less common than LFI. Because in order to get them to work the developer must have edited the **php.ini** configuration file. RFI's are less common than LFI. Because in order to get them to work the developer must have edited the `php.ini` configuration file. This is how they work. Loading Loading @@ -34,6 +36,6 @@ So when the victim-server includes this file it will automatically execute the c ## Avoid extentions Remember to add the nullbyte **%00** to avoid appending **.php**. This will only work on php before version 5.3. Remember to add the nullbyte `%00` to avoid appending `.php`. This will only work on php before version 5.3. If it does not work you can alsog add a **?**, this way the rest will be interpreted as url parameters. No newline at end of file If it does not work you can also add a `?`, this way the rest will be interpreted as url parameters. No newline at end of file
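Review bot: In the first hunk, the rewritten line "RFI's are less common than LFI. Because in order to get them to work the developer must have edited the `php.ini` configuration file." still does not say which setting has to be changed, and "Because ..." is left as a sentence fragment. Suggest joining the two sentences and naming the directive, for example: "RFIs are less common than LFIs, because they only work when `allow_url_include` has been enabled in `php.ini`." That also tells a reader which setting to audit on their own servers.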
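Review bot: In the second hunk (@@ -34,6 +36,6 @@), the typo fix from "alsog" to "also" stops short of the heading directly above it, which still reads "## Avoid extentions"; change it to "## Avoid extensions" in the same commit. While touching these lines, "nullbyte" could become "null byte" and "php" could be capitalised as "PHP" in "php before version 5.3", and the new version of the file still ends without a trailing newline.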