RFI Full Tutorial For All New N00bs

Intro: What is RFI?? 1.Understanding RFI 2.Finding RFI vulnerabilities 3.Exploiting RFI vulnerabilities 4.Securing RFI vulnerabilities RFI means Remote file inclusion.  RFI is a type of web application security hole. On the net, there are so many sites which are vulnerable to RFI. In this tutorial, I am going to show you RFI with PHP.  PHP is a web script engine. Its the most widely used one so that's why I am using it in this tutorial. Learn more about PHP: http://php.net http://en.wikipedia.org/wiki/PHP To...

Read More

LFI with perl script :D

Source Download from here Features Signature-free Session Splicing User-Agent and Log injection Arithmetic Test Usage perl lfi_autopwn.pl -h www.vuln.tld -u "/vuln.ext?page=main&foo=bar" -i page This script will attempt to gain code execution on sites vulnerable to local file inclusion via an httpd error log or by modifying the user-agent and including a file containing environment variables. The php code execution test...

Read More

How to use lfimap tool for LFI :D

Installation $ cd /data/src/ $ wget http://lfimap.googlecode.com/files/lfimap-1.4.8.tar.gz $ mkdir -p /pentest/web/ $ tar xvzf lfimap-1.4.8.tar.gz -C /pentest/web/ Usage Syntax $ python lfimap.py -t <target> [options] Options --target, -t <target> Target. E.g. http://www.test.com/ss.php?page=[LFI HERE] --null, -n Put a null byte to bypass some controls --user, -u <user> Is used to send username in basic authentication --passw,...

Read More

How to hack a website with Local file inclusion or LFI

To find a vulnerable website, we will be using what is known as a Google 'acronym class="bbc ipSeoAcronym" title="Google dorks; simply Google search a specific string or term to yield the desired results. often considered hacking' class='bbc ipSeoAcronym'>dork'. All you have to do is paste the acronym class="bbc ipSeoAcronym" title="Google dorks; simply Google search a specific string or term to yield the desired results. often considered hacking' class='bbc ipSeoAcronym'>dork into Google search, and see what you find!   allinurl:index.php?page= Essentially...

Read More

how to finds your profile visitors

#Use Google Chrome 1- Copy All Code →→ http://pastebin.com/raw.php?i=WwqLxmYe 2- Go To Your Profile (Not Home Page) 3- Press F12 or Right Click→InspectElement→Console. 4- Paste All Script By Press Ctrl+V. 5- Press "ENTER" on Keyboard. Wait 3-4 minutes You Will Know Who Visiting Your Profile NOTE: If the application is not working, go here http://www.facebook.com/selfxss > > checkbox reading "Allow My Account to be hijacked if I paste the malicious JavaScript" ** If failed or warning appears, ignore it. Refresh and try aga...

Read More